Milk nutrition company Synlait is a significant contributor to the New Zealand economy, with revenues of more than $1.6 billion and a team of almost 1000 people across New Zealand and China.

Its innovative approach to milk processing has seen it become a leader in the food and beverage sector, adding value by developing new products through a highly competitive and integrated value chain, setting high standards for growth, and undertaking important steps in sustainability to become a certified B Corp™.

Rapid growth brought cybersecurity to the fore

Established in 2000, Synlait processed its first milk in 2008 and then began to grow rapidly. By 2011, Synlait had made the Deloitte Fast 50 index for the fourth year running. There was a growing awareness that the business needed a cybersecurity strategy that would keep pace with both its growth and its innovation.

“The company took some initial steps but 2019 was the start of a real focus on cybersecurity,” says Jesse Middleton, Synlait’s Manager Applications, Infrastructure & Integration.

“We’re a young company really, and we’d just come off the back of a period of rapid expansion; in 2010 we were a 100-person company, and by 2019 we were approaching a 1000-person company. We were putting our head above the parapet, with a bigger international market presence especially in New Zealand, Australia, and China. We were increasingly more of a target, so we knew we had to put more investment into this area.”

Successful high-profile businesses like Synlait are constantly at risk of cyber threats, explains Mark Micklefield, Datacom’s GM Cybersecurity Services.

“All types of businesses are at risk of attacks. The most common are related to phishing, ransomware and DDoS attacks – and new threats are appearing all the time,” Mark says. “Every month we produce reports with statistics on attacks that have been detected and contained. And that number is in triple digits for virtually every business we monitor.”

A cybersecurity assessment - and then a journey

Datacom was selected as Synlait’s cyber partner in late 2019, and Synlait’s first question was: What do we need to do? The Datacom Cybersecurity team proposed that the first step should be a cybersecurity assessment to determine what was already in place and identify any obvious gaps in the security of their online environment that could leave their organisation vulnerable to cyber attacks. Once Datacom had that information, the expert cybersecurity team were able to determine what a fully mature strategy would look like for Synlait and create a roadmap for success.

“We ran tests, we interviewed business stakeholders and tech architects and we collected all the information we could on Synlait’s infrastructure ecosystem,” says Nicoleta Croitoru, Datacom’s Head of Cybersecurity Services South Island.

“Collecting this allowed us to have a good set of data, so we could identify a roadmap to achieve the cybersecurity maturity level Synlait needed.”

The roadmap was presented to the executive team at Synlait, who immediately saw the benefits and approved immediate action, including improved detection and response, as well as medium- and long-term programmes of work.

“Cybersecurity isn’t something that you can set up once and walk away from,” says Jesse. “You can’t stay still. It’s not about doing one penetration test a year and ticking that box. Being compliant is important, but it’s equally important to build resilience through development of a culture of security.”

Establishing a security baseline

Working together, Datacom and Synlait spent the first year improving the company’s cybersecurity frameworks. This involved a range of improvements in protection controls, based on the ‘Essential Eight’ mitigations. Datacom reviewed the baseline security controls and made changes to them, reviewed operational technology vulnerabilities at the plants, and looked at how Synlait could implement security by design.

“We highlighted Synlait’s need for a readiness programme to respond to incidents: a plan to respond to major incidents and for getting end-users ready to respond to incidents,” says Nicoleta.

“We recommended and implemented processes and policies for responding to threats, and we also recommended end-point responses to stop incidents at the first point where they might enter the organisation. It began with initial monitoring, then it was about creating a baseline security monitoring layer and a road map that set out continuous improvements. All together, these changes moved the dial in the direction they needed for cybersecurity maturity.”

The Datacom team presented Synlait with an opportunity to move to Datacom’s Cybersecurity Defence Operations Centre, which provides a 24/7 threat monitoring capability, containing attacks across both operational technology and corporate systems.

“Datacom was also able to provide a governance layer across all this remediation,” says Mark. “We meet monthly with Synlait to measure how these improvements are working and keep the whole programme on track. The data means the Synlait team has the evidence to demonstrate to the board that the investment they’re making in cybersecurity is leading to a significant reduction in risk. This governance is vital; without that layer in place, the changes we make could look like spending without results. Instead, we can show that we’re turning the dial and progressively reducing risk.”

Launching the User Awareness Plan

After identifying as many potential cybersecurity risks as possible, the Synlait and Datacom teams added those risks to the wider company risk register. That gave cybersecurity additional visibility and helped demonstrate how vital it was to invest in this area of the business.

“We worked closely with Synlait and contributed to their risk management perspective,” says Nicoleta. “When we added risks to the register we could prioritise them according to their likelihood and magnitude.”

With those risks articulated, Datacom helped to run a simulation to assess how Synlait could respond to specific attacks.

“We did a business continuity plan test exercise – like a tabletop simulation – where Datacom came in and simulated some cybersecurity disasters,” says Jesse. “Every five minutes we’d get an update: ‘The hackers have done X, Y or Z’. We’d explain how we’d respond, do activities, and come up with solutions; it’s a mix of fun and stress. That exercise was really useful to work through the plan and see where the gaps are.”

As a result of testing the plan, Datacom and Synlait knew that they needed to dedicate more time to training all Synlait staff in the basic principles of personal cybersecurity. They launched the User Awareness Plan, which has two parts: training and testing.

“We now provide short training programmes through our LMS [learning management system] to all our users. They spend five minutes a month thinking about cybersecurity,” Jesse explains. “Alongside that, we send out simulated phishing emails to all our team members. Anyone who clicks through on those gets immediate feedback. Datacom works with us to track that over time, and we’ve seen a definite decrease in user susceptibility, which is really encouraging.”

Layered up defences offering better protection

Every step adds a layer of defence for Synlait, from the new base layer of security to the 24/7 monitoring to the improved user awareness. Every layer makes it more difficult for cyber criminals to get a foothold in Synlait’s systems. The work has considerably improved the organisation’s security and is helping to keep Synlait protected from the hundreds of attacks it’s likely to face each week.

“The partnership with Datacom has helped us manage our cybersecurity more effectively,” says Jesse.

“Their reports show how well the strategy is working and that gives our board confidence that we are constantly improving our protection.”
