Data is a crucial part of the global economy. In an increasingly interconnected world, data helps businesses understand their customers, develop better products, and create more streamlined, seamless commercial relationships.
But all this customer and financial data has to be stored somewhere and used in a responsible way. As an increasing number of business interactions go digital, the risk of cyber-attacks becomes a hugely important threat – one that is just as much about people as technology.
The importance of business continuity
Recent high-profile cyber-attacks show that such incidents can cause huge disruptions to operations, lasting from several days to weeks. The Colonial Pipeline was brought to a standstill for six days by a ransomware attack in May 2022. The disruption affected almost half the fuel supply of the entire US East Coast. Similar attacks have resulted in European oil facilities being down or disrupted for weeks. There are many more examples of companies either paying multimillion-dollar ransom fees or being out of business for extended periods of time.
“For me, customer excellence is all about being able to deliver continuous service to the customer,” says Peter Koenders, Chief Information Officer at Stolt-Nielsen. “In many cases, the service we provide to businesses is a core element in their processes. If our ability to operate is disrupted so is the ability of our customers to provide their end product or service to their own customers. So, robust and reliable service really is an incredibly important part of customer excellence – and cybersecurity is central to our ability to guarantee that.”
Robust, ready and reliable
Stolt-Nielsen is committed to ensuring uninterrupted operations as well as support for its customers’ business processes. At the heart of this is protecting data – both customer and internal. Limiting the risk of interruptions due to cyber-attacks requires a continuous focus on cybersecurity. As technology continues to evolve so do the threats that businesses face, creating the need for regular reassessment and training. The challenge is that adaptability mustn’t come at the cost of robustness, which is why the Stolt-Nielsen team works with a range of external partners to ensure a structured approach.
Using an information security management system based on the US National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) allows Stolt-Nielsen to organise its cybersecurity efforts and to set goals for improving cybersecurity. The framework is widely considered to be the gold standard for building a cybersecurity programme and sets out recommendations and benchmarks that help organisations be better prepared to identify and detect attacks. It also provides guidelines on how to respond to, prevent, and recover from cyber incidents.
“Today, we have a multi-layered defence strategy,” says Koenders, “including security operations centre monitoring, next-generation firewalls, robust incident response capabilities, malware detection, and advanced web and email filtering technologies.” The Company also makes use of multi-factor authentication for employees’ remote access, encrypts data where possible, regularly tests backups and recovery processes, and performs ongoing vulnerability assessments.
But cybersecurity is not just about having the right anti-virus programme or firewall installed. Having the visibility, continuous monitoring and oversight to spot suspicious activity or a breach early enough to significantly limit the damage is also hugely important. However, having these two factors in place is sometimes not enough.
If something does happen, teams need to be able to respond, with predefined procedures to contain the impact, similar to those used to respond to a safety incident onboard a vessel or at a terminal or depot. To limit the duration and impact of a cyber incident, the Stolt-Nielsen team has implemented and tested the appropriate procedures to recover and restore business processes and services.
“We have disaster recovery plans in place and we test them by simulating a full datacentre failure,” says Koenders. “We consider a huge range of situations – from a hurricane hitting a terminal to large-scale cyber-attacks. In fact, one of the reasons the Company was able to adapt to Covid-19 and remote working so seamlessly is that we had planned for a situation just like it years earlier.”
Creating a security-conscious culture
It can be easy to think of cybersecurity as a purely technical issue: that, if you throw enough money and technical resources at it, risks can be contained. But this is only half the picture. After all, it’s humans who interact with the data as well as try to steal it. Most importantly, it is human lives that are impacted by the effects of a serious cyber-attack, both professionally and personally.
The human factor remains a key piece in the cybersecurity puzzle, but one that is always unpredictable. No matter how comprehensive a company’s cybersecurity training, an employee might still click on a malicious link, or an administrator may make a configuration mistake.
“To make sure we are working as securely as possible, we have an ongoing IT security awareness campaign,” says Perry van Vliet, IT Security Officer at Stolt-Nielsen. “This not only includes mandated training for all employees but also things like simulated phishing campaigns, awareness weeks and different security-themed employee communications. So, as well as technical measures like multi-factor authentication, we are making sure that people are always reminded to be careful.”
To further lower risks, Stolt-Nielsen applies security standards, and regularly tests its controls externally and internally via penetration tests or ethical hackers. It also requires a cybersecurity certification from its critical IT vendors.
“Ethical hacking is a really interesting process,” says van Vliet. “Basically, we ask a hacker to try to break through our defences. That way we not only test the robustness of our infrastructure, but of our response processes as well. This allows for continuous improvement.”
Providing stability in an evolving threat landscape
There are many factors that make up customer excellence. A company can have great products, responsive service and a multichannel presence, but these won’t mean anything if customers don’t have confidence in your ability to store and manage data. As a leader in its markets, Stolt-Nielsen needs to be able to demonstrate it is up to the task. And that is exactly what it is doing.
“We have to keep testing ourselves, and closing every gap we find,” says Koenders. “We know that what we are doing is working. On a basic level, when we send out phishing emails we can see a long-term trend of fewer people clicking on the links and more people reporting the emails as suspicious. That is really the kind of mindset shift we are aiming for.”