Data Protection & Cyber Security

Electronic Data Interchange system: conduct criteria review, create risk profile & procedure. Assess risk of customers & suppliers

In the Distribution sector, there is a high degree of electronic data exchange between the companies and their numerous suppliers, distributors, retailers, customers, and service providers.

It is therefore crucial for data protection and cyber security to be carefully managed. The sector has committed to focus on its high-risk customers and suppliers as the priority. This will be done through two avenues; development of an electronic data Interchange system procedure and cyber-attack incident protocols, both of which will be rolled out firstly to the high-risk customers and suppliers, and then to the remainder of these categories over time.

The Group worked concertedly in 2022 to increase its Cybersecurity. This started with a Group Wide Cybersecurity quantified risk assessment and gap analysis to determine the current cybersecurity posture and privacy level. The output of this exercise was an Information Security Strategic Plan which outlined specific initiatives aimed at reducing risk. Group IT commenced implementation of a three-year programme geared towards improving ANSA McAL’s Security Posture.

The assessment determined the Cybersecurity controls to be implemented. To conform with industry best practices, the implementations are aligned with reducing risk in the areas which

Create Cyber-attack incident protocols for Supplier & Customer management. Protocol awareness training with high-risk customers & Suppliers provide the greatest benefit in the shortest time frame. In this way the roadmap outlines the best sequence of technical implementations.

THE GROUP WILL BE DEVELOPING A CYBERSECURITY GOVERNANCE FRAMEWORK WHICH WILL ALLOW FOR CONTINUOUS MONITORING OF OUR SECURITY POSTURE AND RE-EVALUATION OF OUR STANDARDS, POLICIES AND PROCEDURES.

Implementation of the first year of programmes began in August 2022. All group assets and networks will be monitored by a Security Operations Centre (SOC). These services use state of the art Artificial Intelligence as well as highly trained analysts to detect potential threats to our networks and assets and provide adequate and timely responses. Subsequent programmes will focus on proactive initiatives geared towards protection from and detection of threats, secure configurations as well as developing our forensic analysis capabilities.

Our Cybersecurity Awareness & Training program is ongoing, and we have seen a dramatic rise in awareness about Cybersecurity. Our employees are continuously reporting malicious emails and we provide training, response and guidance to them directly.