FINNING INTERNATIONAL GUARANTEEING CYBERSECURITY EXCELLENCE
FINNING INTERNATIONAL 02
A DIGITALLY–LED CYBERSECURITY TRANSFORMATION WRIT TEN BY
CATHERINE S TURM AN PRODUCED BY
JA K E MEGE ARY
TECHNOLOGY
03
w w w.busi w wne w.fssc i nnin hief. g . com
Finning International has transformed its cybersecurity efforts, built strong partnerships and created a culture built on collaboration – Chief Information Security Officer Suzie Smibert tells us more
I
ndustry 4.0 is changing the game for the traditional industrial sector. New technologies and innovations have seen original
equipment manufacturers (OEMs) and suppliers turn towards new solutions to ensure greater efficiency, 04
improve safety, meet compliance requirements and guarantee substantial savings. However, such advances come with additional risks that can threaten the security of consumer and machine data, with breaches found to be the most costly in the United States and Canada by the Ponemon Institute. With firm routes in Canada, Finning International now amasses an impressive global footprint, spanning three geographies. Employing more than 13,000 people worldwide, the business has accrued a world class network of product support services across British Columbia, Yukon, Alberta, Saskatchewan, the Northwest Territories and a portion of Nunavut, as well as the United Kingdom, Ireland and South America. Its formidable reputation in industrial markets, such as mining, construction and agriculture, has enabled the company to become a key figure
05
w w w.f i nnin g . com
06
“ We’re seeing a lot more digitization, connected assets and abilities to enhance performance solutions” — Suzie Smibert, Chief Information Security Officer
in working with customers to achieve the lowest equipment owning and operating costs while maximizing uptime across their operations. However, to counteract the growing threat of cybercrime across Finning’s international footprint and remain ahead of the curve, Chief Information Security Officer (CISO) Suzie Smibert has looked to place security at the forefront of every employee’s mind. Demonstrating effective leadership as Finning looks towards its long-term vision and digital strategy, Smibert has been key in transforming its image of a sole reseller and service provider to that of an innovative, technology led company. “My background is primarily in information security, which knows no sector boundaries. Finning was an interesting company to me when it was presented as an employment option as it was an industry I had never been part of previously. It’s an organization with impressive reach with of the potential to transform how heavy machinery is used on a global scale,” says Smibert. “One of the things that gets me the most excited about this company is that we are not afraid of thinking outside of the box, creating technology, thinking of
CLICK TO WATCH : ‘FINNING PERFORMANCE SOLUTIONS’ 07 how can we optimize our customers’
2021, it has been essential for a leading
fleets and how we can provide custom-
company such as Finning to take
ers with the best equipment,” she adds.
a closer look at updating its systems,
“When you are a CISO, oftentimes you
remove redundancies and streamline
have your recipe that you use in one
its operations, which will filter into
organization, move on to the next and
its long-term aim to promote digital
use the same recipe with slight modifi-
innovation and engage further with its
cations for that specific business. As
diverse customer base.
Finning represented an industry I’d never
“In information security there is a lot
worked in, I didn’t know if my recipe
of convergence happening. Currently
would work. So, it was more exciting
there are an unsustainable number of
not to just ‘rinse and repeat’, but push
products and tools on the market which
myself towards something new.”
make it difficult to manage budgets,
With damage related to cybercrime projected to hit US$6trn annually by
complexity and maintain the skills to manage, in some cases as many as 50 w w w.f i nnin g . com
08 platforms at a company. I’m also seeing
ing data.” The monetization of data is
tools that are providing the right amount
being seen across every industry, yet
of security, but could be better utilized
Smibert is driven, and rightly so, to ensure
and leveraged, whether inside of outside
that the business remains pedantic
of the security portfolio, across multiple
around how data is used, whether the
stress factors,” explains Smibert.
right level of consent has been granted,
“At Finning, our customers are evolving.
and whether the correct contractual
We are seeing a lot more digitization,
agreements are in place, all to guaran-
connected assets and abilities to
tee consumer trust and transparency.
enhance performance solutions for
“Security, compliance and regulation
how our customers manage fleets and
can be a necessary evil. It can take
utilize our equipment,” she adds. “An
time to explain and demonstrate that
example of this is, instead of just having
having security controls to protect our
a driver unit, now we can optimize how
customer data, employees’ data, meet
the machine is functioning by leverag-
privacy regulations wherever we are
operating,” she reflects.
going elsewhere.”
“Internally, it takes a lot of relationship building amongst teams to help them
ROBUST SECURITY
realize that we’re not going to slow
The establishment of the General Data
them down or prevent a product from
Protection Regulation (GDPR) across
being launched. We’re going to make
its European operations has seen
sure a product is not recalled because
Finning join the UK government’s Cyber
it was secured at the engineering stage
Essentials scheme which supports
and conception stage, as opposed to
businesses in protecting themselves
when it goes live. Reassurance that our
against common cyber threats. However,
role is not a showstopper to business,
most importantly, it works to ensure that
but is a enabler and can help us win
the business adheres to what Smibert
more business by demonstrating to our
coins as “the most stringent” framework,
customers that we are serious about
where the business has mapped each
their data, their privacy, and are taking
control it needs to follow, and has
control that is above the industry
selected the hardest to achieve, applying
standard. Having these controls in
this to its operations not just in Europe,
place is an incentive for our customers
but worldwide.
to consider us as a provider rather than
“We figure that if we set the bar high
E XE CU T I VE PRO FI LE
Suzie Smibert Suzie is a security practitioner with more than 18 years of experience and is currently Finning International Chief Information Security Officer. Working with the leadership team, Suzie provides leadership, vision, strategy and experience for all things security. She and her team are responsible for managing information security risks, protecting information and technology resources globally for Finning.
w w w.f i nnin g . com
09
TRY IT FREE FOR 15 DAYS SIGN UP FOR FREE TRIAL
ABOUT CROWDSTRIKE CrowdStrike is the leader in cloud-delivered next-generation endpoint protection. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus, endpoint detection and response (EDR), and a 24/7 managed hunting service. OUR SITE
CONTACT US
“ Our role is not a showstopper to business, but is an enabler and can help us win more business” — Suzie Smibert, Chief Information Security Officer
simplifying Finning’s digital infrastructure, Smibert has looked to promote cross-collaboration and rework in-region management teams. Hiring “tremendous talent” predominately from Calgary, she has been leading the transformation of Finning’s security and enterprise architecture services and embedded next generation multi-tool sets, allowing the business to improve its response, detection and management capabilities. “We have security individuals assigned to squads in the DevOps team. While they don’t sit in DevOps, they do report
and require ourselves to meet the most
into the management team and exist as
stringent requirements everywhere, and
a service provider to that group, and
by transforming our behavior, thought
continue to report into my organization.
process and policies, we will be able to
“We do security as code. A lot of our tasks
tell our users the same story wherever
and requests are automated, when they
they work in the world,” states Smibert.
are deemed low risk, it goes straight
“I travel to our operating regions frequent-
into code.”
ly, and many of my coworkers are also nomads, working from every one of our
PROMOTING COLLABORATION
facilities, different regions, different
As the business continually evaluates
countries. We can’t expect them to know
emerging products and technologies
which behavior to adopt wherever they
which could drive greater value, Smibert
travel. If we tell them one set of behaviors,
explains that the business undertakes
one set of policies to meet, it makes our
whole-market evaluations in advance
job easier in the back end, and makes it
of a product’s shelf life in order to remain
much easier on our workforce.”
resilient, and looks not only to long-
By harmonizing, centralizing and
standing players in the market, but also w w w.f i nnin g . com
11
EXPERIENCEMATTERS Transform your security initiatives with IMagosoft Identity Management Solutions Inc., a proven security partner that brings integrated “best of breed� Identity and Access Management tools to the enterprise through strategic partnerships and talented, experienced security experts. IMagosoft works within your unique requirements to help you reach a cost-effective outcome to your Identity Management needs. IMagosoft offers a team of Identity and Access Management specialists that can engage at any point in the lifecycle of your IAM program. Our services include business case development, IAM transformation, development of program/product roadmaps, proof of concept implementation/review, pilot projects, implementation of IAM solutions through our professional services model, and operational support of Identity Management products.
CONTACT US
LEARN MORE
13
to innovative startups that can bring
further growth across the business
something unique to the table. “Many big
and strengthen its security operations.
companies only work with organizations
Collaborating with cybersecurity leader
that are tried and tested. At Finning, we
CrowdStrike, for example, has allowed
take well-calculated risks and work with
the business to embed next-generation
startups, or we consider open source
antiviruses across all of its digital
products after careful evaluation so that
environments, and gain chip intelligence,
we can get the best return on invest-
security protection and detection at all
ment and efficiency in our protection
of its endpoints. Not only that, it has also
and detection capabilities,� she says.
helped Finning practice better internal
Partnering with established players,
collaboration with broader technology
as well as pioneering startups, is
teams, identify applications or software
something to which Finning remains
that are no longer used and manage
thoroughly committed, in order to drive
its license with more efficiency. w w w.f i nnin g . com
“We were able to not impact the end user, give them the visibility and tools they needed, but in the back end, save a significant amount of money not only with our security portfolio, but our data science team, employee productivity services team and networking teams. It’s been quite powerful for us. CrowdStrike’s main play is security, but we’re using it outside of what it’s normally known for.”
WELCOMING DIVERSE TALENT Additionally, observing technology as an enabler and not a sole tool in the creation 14
of a thriving collaborative culture, Smibert has worked alongside the communications team and change management group as the business continues on its transformation journey, providing exceptional support to employees as well as ample opportunities for personal and professional development. “As part of our awareness program, we’ve enlisted a psychiatrist to help us define how our people learn and how they retain information. Instead of having an article on our webpage every couple of months, we have videos, face-to-face, gamification, and a variety of approaches to reach and engage our employees. Not everybody learns in the same way, so
C O M PAN Y FACT S
• Finning has accrued a world-class network of product support services across Canada, the United Kingdom, Ireland and South America. • Embedding next generation multi-tool sets has seen the business to improve its response, detection and management capabilities. • Finning looks not only to longstanding players, but towards start-ups that can bring something unique to the table. • Collaborating with CrowdStrike has allowed Finning to gain chip intelligence, security protection and detection across its endpoints.
with change management and psychology, we’ve transformed our communication to craft a message in a way that is not too techy, rather it is approachable and relatable,” she explains. At Finning, Smibert is keen to stress that its employees are its strongest assets, and so upskilling its workforce will not only benefit employees but will also protect the organization, leading the business to avoid common cultural pitfalls across its various geographies. “We are in different countries in South America, and for someone that’s not going very frequently, they might think
a Chilean and an Argentinian think the same and both speak Spanish, so everything should then be the same. w w w.f i nnin g . com
15
1933
Year founded
12,000+
Approximate number of employees
16
In reality, it’s not,” she states. “There
a number of charitable causes, but one
are subtleties, even if they both speak
key focus has been behind the delivery
the same language, operate and retain
of science, technology, engineering
data. Our communications groups were
and mathematics (STEM) education.
fantastic in helping us avoid addressing
Across each of its operating regions,
employees or teams in a way that would
the business has sought to inspire the
not resonate with them. When you think
innovators of tomorrow by supporting
of awareness and how you can really
the growth in STEM-based roles.
reach and influence your employees, it
Partnering with leading STEM outreach
gives you massive return on investment.”
organization, Actua in Canada, Finning provides financial support, volunteering
LONG-TERM OPPORTUNITIES
and hands-on opportunities to those
With such a global footprint, Finning
interested in areas such as program-
remains committed to contributing to
ming and coding.
17
“Finning wants to see more influx of
a power systems engineer might do, so
inclusive and diverse talent in the field
that they get attracted into the culture
of STEM, so we partnered with Actua,
and the field of STEM.”
which is a camp for students and young
Looking at further opportunities, the
children, hosting engagement events
business has also recently acquired
on university campuses. I volunteer to
100% of 4Refuel Canada and 4Refuel
help students understand the world
US. As a leading mobile on-site refueling
of technology and the world of cyber
company supporting customers across
security. In the past year, we did exercis-
the construction, transportation, power
es involving coding machines, allowing
generation and oil and gas sectors, it will
them exposure to technology,” says
provide a multitude of advantages for
Smibert. “Some of my coworkers have
Finning, as more than 95% of 4Refuel’s
invited students to come into a branch
profitability is generated in Canada.
to see the heavy equipment and what
“By having 4Refuel join us to serve w w w.f i nnin g . com
customers across the different geographies where our customers operate, we’re going to reduce their potential downtime because they will have access to fuel to keep their operation going, as opposed to having to wait for delivery, or having a site that might not have all of the fuel capacity that they need. This is definitely one element where this acquisition will help us ensure our customers are up and running as much as they want, allowing them to be more nimble and at the end of the day, profitable,” says Smibert. 18
“Additionally, having 4Refuel will allow us to expand in some of our customer fleets where we might not have a service contract, primarily non-Caterpillar equipment. This will give us visibility in terms of the other
and how they’re utilizing the other
assets that are used by our customers,
equipment. It is our hope that by
“ I volunteer to help students understand the world of tech– nology and the world of cyber security” — Suzie Smibert, Chief Information Security Officer
providing holistic service that customers will think of us as the first place to buy their next piece of equipment.” Finning’s continued drive to fully expand its product and service offerings across Canada will see the business work towards a goal of acquiring 100% connected assets to deliver further support, and allow its data science and analytics teams identify business
19
opportunities to partner with its
ourselves in uncomfortable positions
vendors and customers and create
to achieve greater good, and do better
long-term opportunities.
for our customers, is something I’ve not
“Our next aim is to connect everything
seen elsewhere. It’s an inspiring part
and create new technologies that are
of our culture and a big part of what
going to transform and empower our
keeps me engaged in working here.”
customers and their partners to build and power a better world,” adds Smibert. In many places, once you have your initial transformation things slow down. The leadership at Finning hasbeen tremendous, and the willingness to put w w w.f i nnin g . com
Finning International 16901 109 Avenue Edmonton Alberta, T5P 4P6 Canada T +1 780 930 4900 www.finning.com