Finning International drives efficiencies and unlocks operational excellence through its cybersecurity transformation
Industry 4.0 is changing the game for the traditional industrial sector. New technologies and innovations have seen original equipment manufacturers (OEMs) and suppliers turn towards new solutions to ensure greater efficiency, improve safety, meet compliance requirements and guarantee substantial savings. However, such advances come with additional risks that can threaten the security of consumer and machine data, with breaches found to be the most costly in the United States and Canada by the Ponemon Institute.
With firm routes in Canada, Finning International now amasses an impressive global footprint, spanning three geographies. Employing more than 13,000 people worldwide, the business has accrued a world class network of product support services across British Columbia, Yukon, Alberta, Saskatchewan, the Northwest Territories and a portion of Nunavut, as well as the United Kingdom, Ireland and South America. Its formidable reputation in industrial markets, such as mining, construction and agriculture, has enabled the company to become a key figure in working with customers to achieve the lowest equipment owning and operating costs while maximizing uptime across their operations.
However, to counteract the growing threat of cybercrime across Finning’s international footprint and remain ahead of the curve, Chief Information Security Officer (CISO) Suzie Smibert has looked to place security at the forefront of every employee’s mind. Demonstrating effective leadership as Finning looks towards its long-term vision and digital strategy, Smibert has been key in transforming its image of a sole reseller and service provider to that of an innovative, technology led company.
“My background is primarily in information security, which knows no sector boundaries. Finning was an interesting company to me when it was presented as an employment option as it was an industry I had never been part of previously. It's an organization with impressive reach with of the potential to transform how heavy machinery is used on a global scale,” says Smibert. “One of the things that gets me the most excited about this company is that we are not afraid of thinking outside of the box, creating technology, thinking of how can we optimize our customers' fleets and how we can provide customers with the best equipment,” she adds. “When you are a CISO, oftentimes you have your recipe that you use in one organization, move on to the next and use the same recipe with slight modifications for that specific business. As Finning represented an industry I'd never worked in, I didn't know if my recipe would work. So, it was more exciting not to just ‘rinse and repeat’, but push myself towards something new.”
With damage related to cybercrime projected to hit US$6trn annually by 2021, it has been essential for a leading company such as Finning to take a closer look at updating its systems, remove redundancies and streamline its operations, which will filter into its long-term aim to promote digital innovation and engage further with its diverse customer base.
“In information security there is a lot of convergence happening. Currently there are an unsustainable number of products and tools on the market which make it difficult to manage budgets, complexity and maintain the skills to manage, in some cases as many as 50 platforms at a company. I’m also seeing tools that are providing the right amount of security, but could be better utilized and leveraged, whether inside of outside of the security portfolio, across multiple stress factors,” explains Smibert.
“At Finning, our customers are evolving. We are seeing a lot more digitization, connected assets and abilities to enhance performance solutions for how our customers manage fleets and utilize our equipment,” she adds. “An example of this is, instead of just having a driver unit, now we can optimize how the machine is functioning by leveraging data.” The monetization of data is being seen across every industry, yet Smibert is driven, and rightly so, to ensure that the business remains pedantic around how data is used, whether the right level of consent has been granted, and whether the correct contractual agreements are in place, all to guarantee consumer trust and transparency. “Security, compliance and regulation can be a necessary evil. It can take time to explain and demonstrate that having security controls to protect our customer data, employees' data, meet privacy regulations wherever we are operating,” she reflects.
“Internally, it takes a lot of relationship building amongst teams to help them realize that we're not going to slow them down or prevent a product from being launched. We're going to make sure a product is not recalled because it was secured at the engineering stage and conception stage, as opposed to when it goes live. Reassurance that our role is not a showstopper to business, but is a enabler and can help us win more business by demonstrating to our customers that we are serious about their data, their privacy, and are taking control that is above the industry standard. Having these controls in place is an incentive for our customers to consider us as a provider rather than going elsewhere.”
The establishment of the General Data Protection Regulation (GDPR) across its European operations has seen Finning join the UK government’s Cyber Essentials scheme which supports businesses in protecting themselves against common cyber threats. However, most importantly, it works to ensure that the business adheres to what Smibert coins as “the most stringent” framework, where the business has mapped each control it needs to follow, and has selected the hardest to achieve, applying this to its operations not just in Europe, but worldwide.
“We figure that if we set the bar high and require ourselves to meet the most stringent requirements everywhere, and by transforming our behavior, thought process and policies, we will be able to tell our users the same story wherever they work in the world,” states Smibert. “I travel to our operating regions frequently, and many of my coworkers are also nomads, working from every one of our facilities, different regions, different countries. We can't expect them to know which behavior to adopt wherever they travel. If we tell them one set of behaviors, one set of policies to meet, it makes our job easier in the back end, and makes it much easier on our workforce.”
By harmonizing, centralizing and simplifying Finning’s digital infrastructure, Smibert has looked to promote cross-collaboration and rework in-region management teams. Hiring “tremendous talent” predominately from Calgary, she has been leading the transformation of Finning’s security and enterprise architecture services and embedded next generation multi-tool sets, allowing the business to improve its response, detection and management capabilities.
“We have security individuals assigned to squads in the DevOps team. While they don’t sit in DevOps, they do report into the management team and exist as a service provider to that group, and continue to report into my organization. “We do security as code. A lot of our tasks and requests are automated, when they are deemed low risk, it goes straight into code.”
As the business continually evaluates emerging products and technologies which could drive greater value, Smibert explains that the business undertakes whole-market evaluations in advance of a product’s shelf life in order to remain resilient, and looks not only to longstanding players in the market, but also to innovative startups that can bring something unique to the table. “Many big companies only work with organizations that are tried and tested. At Finning, we take well-calculated risks and work with startups, or we consider open source products after careful evaluation so that we can get the best return on investment and efficiency in our protection and detection capabilities,” she says.
Partnering with established players, as well as pioneering startups, is something to which Finning remains thoroughly committed, in order to drive further growth across the business and strengthen its security operations. Collaborating with cybersecurity leader CrowdStrike, for example, has allowed the business to embed next-generation antiviruses across all of its digital environments, and gain chip intelligence, security protection and detection at all of its endpoints. Not only that, it has also helped Finning practice better internal collaboration with broader technology teams, identify applications or software that are no longer used and manage its license with more efficiency.
“We were able to not impact the end user, give them the visibility and tools they needed, but in the back end, save a significant amount of money not only with our security portfolio, but our data science team, employee productivity services team and networking teams. It's been quite powerful for us. CrowdStrike’s main play is security, but we're using it outside of what it's normally known for.”
Welcoming diverse talent
Additionally, observing technology as an enabler and not a sole tool in the creation of a thriving collaborative culture, Smibert has worked alongside the communications team and change management group as the business continues on its transformation journey, providing exceptional support to employees as well as ample opportunities for personal and professional development.
“As part of our awareness program, we've enlisted a psychiatrist to help us define how our people learn and how they retain information. Instead of having an article on our webpage every couple of months, we have videos, face-to-face, gamification, and a variety of approaches to reach and engage our employees. Not everybody learns in the same way, so with change management and psychology, we’ve transformed our communication to craft a message in a way that is not too techy, rather it is approachable and relatable,” she explains.
At Finning, Smibert is keen to stress that its employees are its strongest assets, and so upskilling its workforce will not only benefit employees but will also protect the organization, leading the business to avoid common cultural pitfalls across its various geographies. “We are in different countries in South America, and for someone that's not going very frequently, they might think a Chilean and an Argentinian think the same and both speak Spanish, so everything should then be the same. In reality, it’s not,” she states. “There are subtleties, even if they both speak the same language, operate and retain data. Our communications groups were fantastic in helping us avoid addressing employees or teams in a way that would not resonate with them. When you think of awareness and how you can really reach and influence your employees, it gives you massive return on investment.”
With such a global footprint, Finning remains committed to contributing to a number of charitable causes, but one key focus has been behind the delivery of science, technology, engineering and mathematics (STEM) education. Across each of its operating regions, the business has sought to inspire the innovators of tomorrow by supporting the growth in STEM-based roles. Partnering with leading STEM outreach organization, Actua in Canada, Finning provides financial support, volunteering and hands-on opportunities to those interested in areas such as programming and coding.
“Finning wants to see more influx of inclusive and diverse talent in the field of STEM, so we partnered with Actua, which is a camp for students and young children, hosting engagement events on university campuses. I volunteer to help students understand the world of technology and the world of cyber security. In the past year, we did exercises involving coding machines, allowing them exposure to technology,” says Smibert. “Some of my coworkers have invited students to come into a branch to see the heavy equipment and what a power systems engineer might do, so that they get attracted into the culture and the field of STEM.”
Looking at further opportunities, the business has also recently acquired 100% of 4Refuel Canada and 4Refuel US. As a leading mobile on-site refueling company supporting customers across the construction, transportation, power generation and oil and gas sectors, it will provide a multitude of advantages for Finning, as more than 95% of 4Refuel’s profitability is generated in Canada.
“By having 4Refuel join us to serve customers across the different geographies where our customers operate, we're going to reduce their potential downtime because they will have access to fuel to keep their operation going, as opposed to having to wait for delivery, or having a site that might not have all of the fuel capacity that they need. This is definitely one element where this acquisition will help us ensure our customers are up and running as much as they want, allowing them to be more nimble and at the end of the day, profitable,” says Smibert.
“Additionally, having 4Refuel will allow us to expand in some of our customer fleets where we might not have a service contract, primarily non-Caterpillar equipment. This will give us visibility in terms of the other assets that are used by our customers, and how they're utilizing the other equipment. It is our hope that by providing holistic service that customers will think of us as the first place to buy their next piece of equipment.”
Finning’s continued drive to fully expand its product and service offerings across Canada will see the business work towards a goal of acquiring 100% connected assets to deliver further support, and allow its data science and analytics teams identify business opportunities to partner with its vendors and customers and create long-term opportunities.
“Our next aim is to connect everything and create new technologies that are going to transform and empower our customers and their partners to build and power a better world,” adds Smibert. In many places, once you have your initial transformation things slow down. The leadership at Finning hasbeen tremendous, and the willingness to put ourselves in uncomfortable positions to achieve greater good, and do better for our customers, is something I've not seen elsewhere. It’s an inspiring part of our culture and a big part of what keeps me engaged in working here.”