Cybersecurity at Outokumpu

The importance of cybersecurity awareness

In today’s operating environment, awareness of cyber security is of utmost importance. Outokumpu is always looking to improve not only the technologies we use but also our ways of working on cyber security.

The importance of cyber security awareness

In today’s operating environment, awareness of cyber security is of utmost importance. Outokumpu is always looking to improve not only the technologies we use but also our ways of working on cyber security.

As the world is becoming more and more digitalized, the threat-landscape is ever evolving, and unfortunately many companies have already fallen victim to different cyber-attacks. We all need to be aware of the threats of the digital world as anyone can be targeted, from big corporations to individual people.

It is especially important to keep aware of different social engineering attacks such as phishing. The reason why these attacks have become so popular among criminals is that they are relatively easy and cheap to make and the monetary gain for the criminal can grow exponentially.

To mitigate the cyber risks, Outokumpu wants to emphasize that only pre-approved processes are to be used when doing business with us.

  • If you are ever in doubt of our messages’ legitimacy, never hesitate to reach out to us. Please do it by using some other contact than what is mentioned in the message, as those contacts can be forged.
  • If you ever receive a notification of any changes e.g. in the bank account details from our side, please always verify the information via phone with some familiar contact.

The domains that are used by Outokumpu in contacts:

  • outokumpu.com

Please always double check the spelling of the email address. If you are contacted via another domain, please verify that with cyber(at)outokumpu.com

Outokumpu Cybersecurity Strategy

The main goal of Outokumpu’s cyber security is the protection of all our assets both in information technology and operations technology environments. These include, but are not limited to, things such as people, passwords, devices, and information.

Outokumpu wants to be a transparent and trusted partner in assuring business continuity and bringing visibility to residual risk tolerance. To achieve a complete cyber security, the scope of actions will not only be limited to technical measures but also focus on raising the security awareness level of our employees, both in working life as well as in their personal lives.

Outokumpu’s cyber security framework is built around globally noted frameworks and follows the defense in depth concept.

Transparent Cyber Defence

To achieve the vision, our cyber security strategy is built on four core elements:

  • Protect – Protecting all Outokumpu assets from cyber-based attacks
  • Engagement – Having proper cyber-security awareness by all Outokumpu personnel and external parties
  • Assurance – Assuring business continuity in all circumstances
  • Risk – Establishing residual cyber risk tolerance

Transparent cyber defence

Cyber security strategyOur cyber security strategy is built on three core elements:

  • Cyber culture – Cyber security culture is everyone’s responsibility. Cyber awareness campaigns are targeted for better cyber security culture. Knowledge sharing among Outokumpu’s employees, employees’ families, suppliers and customers improves the overall Cyber Security culture. 
  • Cyber maturity – Cyber maturity is how well an organization protects systems and data from threats, reflecting the effectiveness, consistency, and advancement of its cyber security practices, processes, and technologies. Outokumpu is always following the latest cyber security regulations.
  • Business resilience – Cyber security visibility, analysis and improvement investments increase transparency on the underlying synergies and efficiencies of all Outokumpu’s global and local environments in all assets.

Reasonable assurance for cyber security 

Upon request Outokumpu shall present basis for Qualified Conclusion. If you request to do so, please contact your Outokumpu representative.

Responsible disclosure 

We take security seriously and welcome reports from the security research community. If you discover a potential vulnerability in our systems, please let us know so we can investigate and fix it.

We run a private bug bounty program where monetary rewards are offered to invited participants.

For researchers outside this program:

  • We still highly value your contribution
  • Valid reports may be recognized with a token of appreciation (company swag)

Your responsible disclosure helps us protect our users and services. We appreciate your support.

More details: outokumpu.com/security.txt

Outokumpu is always looking to improve its ways of working on cyber security. We are dedicated to improving not only the technologies used but also the ways of working. We are also open for collaboration on cyber security knowledge, sharing information with all interested networks and/or companies which are not and do not have a direct link to our competitors.

 

For any questions or concerns, please contact our cyber security team at cyber(at)outokumpu.com.