Engaged by Foodstuffs to uplift the foundational security capabilities

Jointly developed a Security Programme that prioritised key threats faced by the organisation.

VISION

Foodstuffs North Island (FSNI) are New Zealand’s largest grocery retailer with 330 stores servicing 70% of New Zealanders. As a grocery co‑operative, FSNI are committed to becoming the world’s most customer‑driven retailer and to being a positive force for New Zealand.

They have been here for a century and are looking forward to being here for New Zealanders for the next century. Foodstuffs is a complex network of supply chain, stores and support centres all geared to towards ensuring there is enough food on the shelves when and where it is needed.

In mid-2019, DEFEND were engaged by FSNI. Cybersecurity Transformation Services (CTS) work began to uplift the foundational security capabilities. This work started with the development of a risk and framework-based approach to security which included: Strategy, Policies and Standards, Risk Management, and a PCI Compliance Project.

OUR APPROACH

DEFEND & FSNI jointly developed a Security Programme that was Threat Aligned, Risk Informed, and provided a vehicle to uplift the effectiveness of security controls across FSNI. This Programme was tied back to key threats and prioritised by the top risks faced by the organisation.

DEFEND’s key themes for enabling the successful security programme consisted of:

Security can’t be done to the organisation

Security has to be done alongside the organisation and requires the whole organisation to come on the journey with us. This provides an opportunity for representation of views across the breadth of the business.

Diversity and Inclusion

FSNI has a diverse set of employees from Distribution Centre workers, Support teams based in offices to Supermarket employees on the front line. The FSNI Programme actively considers the impact to the entire business and solicits feedback through change champions embedded in every part of the organisation.

Reduce Pain Points and User Friction

Security must be an enabler for the business. Together, we proactively track known pain points and causes of user friction, with a view to reduce, if not eliminate, these as part of the Programme. Security controls must be tailored specifically for the organisation.

Adaptability

Delivering a Programme of Work for such a large, complex, and geographically distributed organisation is challenging in and of itself. Undertaking this at a time when the world was rife with the COVID-19 pandemic presented additional challenges and hence the Programme must be agile enough to adapt to the volatile and uncertain landscape, remote working, and with zero appetite to impact the supply chain during lockdowns experienced at the time.

User Awareness

Each change is communicated to impacted staff, training material and collateral is developed to ensure users are trained and aware of new ways of working.

Operational Processes

Effective security controls require defined and documented operational processes. The security Programme is developing processes to augment and enable the deployment of technology across Guest User Management, Enterprise Application Registration & Management, Endpoint Management, Privileged Account Use as well as Vulnerability and Threat Management.

FSNI’S OUTCOME

The improvements made have resulted in an uplift in cybersecurity resilience within FSNI and has digitally enabled the two main goals – keeping stock on shelves and keeping people safe.

Increases in automation are also freeing up time usually consumed in triage to be spent in other areas that are increasing efficiency and driving meaningful transformation across the business. This highlights DEFEND’s commitment to building a cyber resilient New Zealand and how we partnered with New Zealand’s largest grocery retailer, helping them achieve their security goals and keep a country fed in a time of crisis.

“Our cybersecurity journey with DEFEND has been a true partnership in every sense of the word. DEFEND have taken the time to understand our business and they work well to complement and enhance our internal capabilities. We see DEFEND as an extension of the FSNI team and they have, without doubt, helped us protect New Zealand’s supply chain and raise cyber resiliency within and across Foodstuffs North Island.”

Campbell Mander, Head of IT Operations & Security