Challenge

The company is one of the largest and economically powerful producers of crab taste sticks, surimi products and fish in Europe. The group trades under the brand name „Vici“ in more than 57 countries around the world. Viciunai Group consists of 80 companies in 17 countries. The group employs more than 8000 enthusiastic people across its 13 processing sites.

Project

During the 29 years of operation, the group has been growing rapidly and the maturity of IT security procedures and processes just could not keep up. To ensure that the organization maximizes its cyber resilience and the IT departments within the organization are enabled to manage information security and cyber incidents more effectively and efficiently, situational picture was required.

Project scope

Project in numbers:

  • 39 organizations which are operating in various countries in Europe, together with their IT and OT infrastructure;
  • 458 IT services;
  • 22 websites;
  • 150 servers;
  • 1387 workstations;
  • 15 firewalls and other network elements.

Solution

While implementing the project, NRD Cyber Security performed IT security assessment, identified the most important information security risks and prepared a risk management plan them with concrete steps and recommendations.


Also, the deliverables of the project included:

  • Assessment of IT and OT infrastructure vulnerabilities;
  • OT security assessment;
  • Assessment of already applied security measures to comply NIST and CIS-20 recommendations;
  • Employee resistance to phishing attacks has been tested using social engineering methods;
  • Assessment of risks related to cybersecurity and business continuity;
  • Preparation of sample documents and procedures for information security;
  • KPIs set to measure the effectiveness of security processes and procedures.

Key benefits to Viciunai Group

The project has enabled Viciunai Group to get a detailed overview of security situation within the organization. As a result, the organization will be able to effectively allocate resources and develop IT to be upfront with cybersecurity. The recommendations provided clear and concise measures to reduce security risks as well as a plan for their implementation.