– We needed help from senior consultants who had seen it all before. People with strong security expertise and broad experience. We found that at Sicra, says Børge Filseth, IT Director at Orkla Food Ingredients (OFI).

With its roots in Norway, OFI has grown into a leading global supplier of food ingredients. The group consists of 60 subsidiaries and operates production facilities in 22 countries across Europe and the United States. Its vision is to be the leading supplier of flavorful ingredients and innovative food solutions that enable customers to become market leaders in their respective industries. OFI’s customer base ranges from small local artisan bakeries to large industrial food manufacturers operating across multiple countries.

Supply chains in the food industry can be long and complex, while food safety can never be compromised. At the same time, the cyber threat landscape continues to grow more sophisticated.

– If we were hit by a cyberattack that disrupted or stopped production in one or more of our companies, the consequences could be severe for the group, both financially and operationally. We face many different cyber threats from a wide range of actors. In addition to traditional cybercriminals, the geopolitical situation and advances in artificial intelligence have made the threat landscape even more challenging, says Filseth.

"Discovery" without a pointing finger

Historically, OFI’s strategy had been to manage IT operations and security locally. Following a series of acquisitions and global expansion, the company wanted to standardize and centralize both IT functions and security services, particularly in response to an increasingly serious threat landscape.

– In the past, cybersecurity depended heavily on the competence of local resources. We have companies in the Baltics, Poland, Romania, Portugal, Greece, the Netherlands, Germany, the United Kingdom, and the United States. We simply cannot have world-class IT security experts in every location, says Filseth.

The first step toward stronger and standardized security was to assess the current state of cybersecurity across all locations. OFI engaged Sicra’s security specialists for a comprehensive assignment: mapping the cybersecurity posture of the entire group. Together, OFI and Sicra developed a new methodology before visiting offices and production facilities to conduct technical deep dives. The methodology was created through close collaboration between Sicra’s consultants and OFI’s Chief Information Security Officer.

The goal was to spend one day at each location and produce an assessment report focused on the technical foundation, including:

1. Firewall configuration and network architecture

2. Backup and recovery procedures

3. Identity and access management

4. System patching and updates

– For the "discovery journey", we needed a seasoned security expert. Someone with strong expertise and extensive experience in cybersecurity. A senior consultant meets local IT teams on their own professional level. That creates respect, encourages openness, and makes people feel supported rather than exposed, says Filseth.

From reactive firefighting to proactive security management

An important part of the discovery journey was creating a prioritized list of recommendations and improvement initiatives. Through systematic follow-up of assessment reports, categorization of findings, and targeted remediation efforts ranging from simple hardware replacements to major infrastructure changes, OFI has closed many security gaps and significantly reduced its cyber risk. However, Filseth emphasizes that the work is far from finished.

– The threat landscape changes all the time, so we have to keep improving, he says, adding:

– In the past, our security efforts were largely focused on putting out fires and fixing vulnerabilities. With the help of Sicra and their resources, we are moving from reactive firefighting to proactive security management. We now have a common security framework, processes, training programs, and monitoring capabilities in place.

Filseth highlights the value of having Sicra as a trusted cybersecurity partner.

– IT security is an incredibly broad and complex field. There are countless products, solutions, security packages, and services. You need knowledge of licensing, products, architecture, access management, and identities. That is why I need external advisors who can come in and share their expertise, he says.

A strong security foundation and increased cybersecurity awareness throughout the OFI group help ensure that the company can continue doing what it is known for: delivering high-quality ingredients to bakeries, ice cream manufacturers, and plant-based food producers around the world.

– Working with Sicra has been extremely positive. One major advantage is that you work directly with the experts, which is often not the case when engaging larger consulting firms, concludes Filseth.