Cyber security at Outokumpu

The importance of cyber security culture

As the world is becoming more digitalized, the threat-landscape is rapidly evolving. We all need to be aware of the threats of the digital world as anyone can be targeted, from big corporations to individual people. That is why in Outokumpu, cyber security culture is everyone’s responsibility. If we behave or make unsecure decision, no technical measure or firewall can keep us completely safe. Not only are cyber threats affecting us in the digital world, but in the worst case they can also escalate into the physical world.

It is especially important to keep aware of different social engineering attacks such as phishing. The reason why these attacks have become so popular among criminals is that they are relatively easy and cheap to make and the monetary gain for the criminal can grow exponentially. We continuously strengthen our cyber security culture by training our employees to recognize cyber threats and act appropriately in incidents, for example supported by practical phishing exercises such as simulations on gamification platforms.

To mitigate the cyber risks, Outokumpu wants to emphasize that only pre-approved processes are to be used when doing business with us.

• If you are ever in doubt of our messages’ legitimacy, never hesitate to reach out to us. Please do it by using some other contact than what is mentioned in the message, as those contacts can be forged.

• If you ever receive a notification of any changes e.g. in the bank account details from our side, please always verify the information via phone with some familiar contact.

The domains that are used by Outokumpu are in the format outokumpu.com.

Please always double check the spelling of the email address. If you are contacted via another domain, please verify that with cyber(at)outokumpu.com.

Transparent cyber defence

Our cyber security strategy is built on three core elements:

• Cyber culture – Cyber security culture is everyone’s responsibility. Cyber awareness campaigns are targeted for better cyber security culture. Knowledge sharing among Outokumpu’s employees, employees’ families, suppliers and customers improves the overall Cyber Security culture. 
• Cyber maturity – Cyber maturity is how well an organization protects systems and data from threats, reflecting the effectiveness, consistency, and advancement of its cyber security practices, processes, and technologies. Outokumpu is always following the latest cyber security regulations.
• Business resilience – Cyber security visibility, analysis and improvement investments increase transparency on the underlying synergies and efficiencies of all Outokumpu’s global and local environments in all assets.

Reasonable assurance for cyber security 

Upon request Outokumpu shall present basis for Qualified Conclusion. If you request to do so, please contact your Outokumpu representative.

Responsible disclosure 

We take security seriously and welcome reports from the security research community. If you discover a potential vulnerability in our systems, please let us know so we can investigate and fix it.

We run a private bug bounty program where monetary rewards are offered to invited participants.

For researchers outside this program:

• We still highly value your contribution
• Valid reports may be recognized with a token of appreciation (company swag)

Your responsible disclosure helps us protect our users and services. We appreciate your support.

More details: outokumpu.com/security.txt

Outokumpu is always looking to improve its ways of working on cyber security. We are dedicated to improving not only the technologies used but also the ways of working. We are also open for collaboration on cyber security knowledge, sharing information with all interested networks and/or companies which are not and do not have a direct link to our competitors.

For any questions or concerns, please contact our cyber security team at cyber(at)outokumpu.com.