A 50‑year old company in the world’s oldest industry—agriculture—is an unlikely role model for best practices in 21st cybersecurity.
Yet in May 2017, with the WannaCry ransomware victimizing companies around the globe, Fonterra, the world’s largest dairy cooperative, decided it needed to better understand its true attack surface before it was too late. That led it to invest in a set of new tools that gave it real‑time visibility into threats across hundreds of sites and assets.
“We realized we didn’t have a common view of assets and how they linked to business services,” said Cynthia Patterson, Fonterra’s general manager, technology & services, during a keynote security presentation at Knowledge18, ServiceNow’s annual conference. The goal was simple: “Figure out what to patch and when,” she said.
Managing routine security threats is a fundamental task at which most companies fail. Just 37% of companies that were breached over the last two years perform basic vulnerability scanning, according to a recent ServiceNow survey conducted by the Ponemon Institute. And 57% of cyberattack victims report that their breaches could have been prevented by installing an available patch.
In other words, the majority of companies continually fail at basic security hygiene.
The reason: they’re distracted, said Sean Convery, VP and GM of ServiceNow’s security business unit, speaking at Knowledge18.
Tasks such as vulnerability scanning are “not as exciting an undertaking, not as fun to talk about compared to how you thwarted the bad guys,” he said. Yet they are often the projects that have the biggest impact on security.
Fonterra is New Zealand’s largest company, supporting 10,500 dairy farmers and their families and more than 20,000 employees worldwide. The company exports 95% of what it produces, and accounts for 30% of the global dairy trade, according to Patterson.
As the company has expanded in recent years, so have the risks. With IT assets spread across 300 sites in 140 markets, and with outside vendors handling key pieces, IT managers struggled to keep up with vulnerability scanning and patching.
Less than a year after adopting ServiceNow’s security platform, Patterson said Fonterra has reduced its overall attack surface and slashed response times by switching from manual tasks and spreadsheets to automation tools built into the platform.
The new system also helps Fonterra connect security risk to business operations in a more coherent way. “We can look at our assets, link them to services, and see the business impact,” Patterson said.
Reducing ‘swivel time’
One theme of Knowledge18 was how automating SecOps can free up analyst time and improve overall threat response.
One company talked about how it helped reduce the “swivel time” time analysts spent toggling between screens and systems, trying to identify and confirm security threats. Another described how, after it suffered a serious attack, more automation helped it recover and prevent future incidents.
“People are taking the things that are painful and frequent and trying to automate those tasks so they don’t occur as often,” Convery said. When companies use spreadsheets to track incidents, it makes it impossible for them to do meaningful reporting. Automating can help reduce response time by 45%, Convery said.
That’s critical at a time when there’s a shortage of security professionals to hire. And, Convery said, it beats having to buy an endless number of point solutions.