Page 23 - Hexion Sustainability Report 2022
P. 23

Cybersecurity                                                                                                                                                         The company has a culture dedicated to managing                                •  Hexion is not aware of any material incidents

                                                                                                                                                                                                     cyber risk and continues to foster behaviors that help
                                                                                                                                                                                                                                                                                        relating to cyber security or privacy breaches.
                                                                                                                                                                                                     to create a human fi rewall. Hexion’s cyber awareness                           •  In addition to analyzing potential threats, the
                               & Data Privacy                                                                                                                                                        program helps educate associates and regularly                                     Company conducted a security incident tabletop



                                                                                                                                                                                                     tests their skills through simulated scenarios. A few

                                                                                                                                                                                                     highlights of cyber awareness activities from 2022:                                exercise to test its cyber team’s response to a
                                                                                                                                                                                                                                                                                        hypothetical critical incident.
                                                                                                                                                                                                     •  Hexion participated in Cyber Security Awareness                             •  Periodic Disaster Recovery tests were conducted

                                                                                                                                                                                                         Month in October with focuses on phishing,                                     to ensure resiliency and preparedness for various

                               With ever increasing attempts by outside parties to breach                                                                                                                security basics, reducing email stressors,                                     outage scenarios.

                               sensitive data, Hexion is continually adapting to the                                                                                                                     and more.                                                                  •  Identifi ed security controls were tested for


                               latest threats and strategically investing in its information                                                                                                         •  Associates from across the globe had the                                        eff ectiveness and new controls were implemented.
                                                                                                                                                                                                         opportunity to demonstrate their skills by                                 •  Internal reviews of IT systems are conducted to
                               technology infrastructure as part of an ongoing cyber
                                                                                                                                                                                                         participating in multiple simulated phishing                                   ensure compliance with relevant data privacy
                               security commitment to its associates and partners.                                                                                                                       assessments throughout the year.                                               regulations prior to implementation.


                                                                                                                                                                                                     •  Quarterly training included topics such as

                                                                                                                                                                                                         protecting against ransomware, identity best

                                                                                                                                                                                                         practices, insider threat and social engineering.
                                                                                                                                                                                                                                                                                           At the end of 2022,
                                                                                                                                                                                                     Hexion continuously monitors its systems for threats

                                                                                                                                                                                                     and vulnerabilities along with having defi ned response                                an external Security

                                                                                                                                                                                                     plans to ensure it can respond quickly and thoroughly
                                                                                                                                                                                                                                                                                           Rating Service ranked
                                                                                                                                                                                                     to cyber incidents. This includes a Security Operations
                                                                                                                                                                                                                                                                                           Hexion higher than 99
                                                                                                                                                                                                     Center analyzing and responding to potential threats                                                                                               99%

                                                                                                                                                                                                     every day of the year. Below are a few process and                                    percent of peer chemical

                                                                                                                                                                                                     technology highlights from 2022:                                                      manufacturing companies.                                  higher ranked
                                                                                                                                                                                                                                                                                                                                                        than peers

























                                                                                                                                                                                                                                                                                                                                                                   12
   18   19   20   21   22   23   24   25   26   27   28