Cybersecurity in today’s business landscape is more than a technical matter. It extends beyond safeguarding systems and IT infrastructure to encompass awareness, risk management, and a corporate culture that is attuned to threats and to the need to address them effectively. In this article, we speak with Barry Bastiaansen, who has held the role of Chief Information Security Officer (CISO) at Steinweg since 2019. He shares insights into how cybersecurity plays a critical role in safeguarding information, securing customer data, and meeting the requirements of financial institutions and (potential) clients.
The reason for establishing the CISO role
The role of a CISO was established at Steinweg in 2019, with Barry being the first to take on this responsibility. What prompted the need for a CISO? Barry explains, “You can trace it back to the major cyberattack at APM Terminals in 2017, which occurred at the port. APM Terminals fell victim to an attack originating from Russia on a Ukrainian accounting firm they were associated with. This attack had severe consequences, with systems ceasing to function and backups vanishing. It had significant financial repercussions for APM Terminals and instilled fear in the Rotterdam port.”
This cyberattack underscored the necessity for heightened cybersecurity at Steinweg, leading to the search for a CISO to elevate the status of information security.
Challenges at a historic company
Steinweg has a long history that dates back more than 175 years. While this rich history has established the company as a global logistics firm with numerous divisions, it also brings both advantages and challenges. “The extensive history of Steinweg has led to a wide variety of different systems and divisions”, notes Barry. “This has led to a culture of ‘we are unique,’ which, in itself, is quite positive but also resulted in the development of custom software and systems.”
These legacy systems proved challenging to upgrade and posed an escalating security risk. Barry underscores the importance of standardizing systems to enhance manageability. “We are standardizing the organization globally, which means we use the same IT systems and software from Rotterdam to China and beyond”, he explains. This move towards standardization enhances uniform information security management worldwide.
A changing corporate culture
Addressing cybersecurity isn’t only a matter of technology and systems; it also involves a shift in mindset and corporate culture. Barry observes that Steinweg’s original focus was primarily operational and commercially oriented. Over time, this focus has evolved, with the organization recognizing the significance of securing systems and information. “Steinweg grew by concentrating on operational and commercial aspects”, he says. “But in today’s world, there are also secondary issues, such as compliance with laws and regulations, changes in communication strategies, and other factors that impact commercial activities.”
Training to recognize phishing emails
Introducing cybersecurity and information security requires employees to approach issues differently and become aware of risks. It’s no longer sufficient to solely prioritize operational efficiency; risk management and information security need to be ingrained throughout the organization. This awareness is embraced at Steinweg and translated into action. An example is the training provided to employees to recognize phishing emails. “We find that people eagerly participate in the training. It happens organically; we don’t apply excessive pressure. Gamification plays a role here. Employees can earn badges and improve their skills. Additionally, the option to report phishing emails and receive feedback enhances awareness and motivation.”
The role of cybersecurity in customer satisfaction
Cybersecurity primarily focuses on safeguarding internal information but also impacts customer satisfaction. Barry explains, “Information security is crucial for Steinweg because we handle confidential customer information. Our customers can trust that their data is secure with us. Information security is an integral part of the high-quality services we provide to our customers.”
The future of cybersecurity in customer satisfaction
While Steinweg remains committed to enhancing cybersecurity, additional challenges lie on the horizon. One of the key developments is the global implementation of SAP. Barry explains, “We are working on implementing SAP globally, with the core value of ‘One Company’. We want our processes and IT systems to be uniform worldwide, which benefits manageability and security.” However, this global implementation will not be without challenges, as each country and division has its unique characteristics. Cultural differences and the need for local adaptations will need to be addressed. “That’s part of being a large, international organization like Steinweg. I am confident the implementation will be successful.”
Increasing regulatory compliance
In addition to internal efforts and IT implementations, Steinweg also faces evolving cybersecurity regulations. Barry highlights the impending Network and Information Security Directive 2 (NIS 2) legislation in Europe, which pertains to networks and information systems and imposes stricter security requirements. “We are preparing for this legislation by designating parts of the organization as ‘critical,’ resulting in enhanced security measures.”
It’s evident that information security is not solely a technological matter but also involves awareness, risk management, and a shift in corporate culture. As the domain of cybersecurity evolves, Steinweg remains committed to protecting customer data and meeting the requirements of financial institutions, clients, and regulators.
Published on: 10 October 2023