Data & information in a legally sound way – how continuity management helped Magelungen

“A better and more comprehensive overview of our systems and what we need to improve.” That was the need when Emil Josefsson, IT Strategist at Magelungen connected with DirSys.

In an organization with 450 employees, a wide array of different systems, and limited IT resources, Magelungen needed to address its vulnerabilities and identify where the risks lay. Furthermore, increased external threats made the issue even more urgent.

“We're seeing an increase in data breaches and attacks against Swedish companies, as well as supply chain attacks, which also increases the risk for us. Even if we're not often the target of a direct attack, we can still fall victim to a supply chain attack. It's naive to think we wouldn't be affected just because we're a smaller, locally operating company; it's a chain reaction, of course.” – Emil Josefsson, Magelungen

‍

Continuity Management – Proactive Measures Against Data Breaches and Cyberattacks

To address this challenge, Magelungen needed to identify its most business-critical systems and their vulnerabilities. Furthermore, it was important for the organization to proactively manage vulnerabilities and risks, so they would know how to act in the event of an outage and could minimize its impact.

“The goal was to get a clear picture of where the weaknesses in our systems lie and, above all, to get help creating a continuity plan. We have different systems for different purposes, and if something happens, our staff needs to quickly know who to contact, how to contact them, and how we should respond.”

‍

Increased Risk Awareness in the Management Team

During the project, it became clear what the consequences of an outage could be. It became apparent that the effects could range from reduced productivity and loss of revenue to fines or judgments when legal requirements are not met. This became clear, not just to Emil himself, but especially to the management.

“During the project, our management team became aware of the risks we face. Many people think that if you outsource systems or services, the responsibility lies with the provider, but of course, the primary responsibility for information and our management always rests with us.”

Emil explains that the management became aware not only of the risks but also of IT's critical importance to the organization. He says the project created an understanding that IT is an integral part of the business strategy, which has led to a greater focus on these specific issues. There's an increased understanding that resources need to be allocated to the IT systems in use, which has resulted in their decision to strengthen IT resources.

“This work was truly an eye-opener, and I believe many companies would benefit from identifying risks and action plans for when systems are down. And we see this happening regularly. Attacks are increasing, and they can be both external and internal threats. For example, operational errors – the human factor – pose a significant risk. Perhaps we shouldn't just focus on external threats; how systems are managed is also crucial.”