- Percentage of IT infrastructure monitored by the Cyber Defense Center
1. Goal:
We want to protect business operations against cyberattacks
Fiscal year 2021
We live in the digital age, in which all areas of life, work, and business are networked — and therefore vulnerable. Consequently, our most important mission is to establish a system to protect all company-related data. Cybersecurity in the digital age includes the protection of data and the necessary infrastructure, regardless of whether it is processed locally in data centers, in machines or virtually in cloud systems.
Cybersecurity is an essential part of our business model so that we can reliably supply our customers and protect their assets and data. We will only be able to survive on the market in the future if we consistently implement our security strategy.
Andreas Gaetje, Chief Information Security Officer, Körber AG
We want to protect business operations against cyberattacks
To make all of our business operations more resilient against cyberattacks, we have to define security policies that every employee must comply with. We want to expand our Cyber Defense Center with additional services, e.g. around-the-clock monitoring and incident response. Our goal is to equip all business areas with a common security architecture that can be monitored centrally and continuously. In order to avoid damage to our business operations or to keep it as limited as possible, we are introducing processes with which we can identify weak points at an early stage and thus react to them quickly.
The Group policy on information security is already in place; so is the team of the Chief Information Security Officer at the Group and Business Area levels. We have set up an organization across all business areas and created an Information Security Management System (ISMS) based on ISO 27001. In addition, we have developed a risk-based approach to introducing further security improvements. Moreover, our Cyber Defense Center is established and can now be gradually expanded to include additional services. The company also has a security policy with clear functional descriptions and processes. IT services are regularly checked for weak points; critical vulnerabilities are addressed using a regular process, and their elimination is monitored. We have set up a central security information system and have already integrated and monitored a number of services.
We want to be a reliable and trustworthy partner for our customers
In order to have a partnership based on trust, it is necessary to improve and standardize both our IT processes (information technology processes) and OT processes (operational technology processes), as well as to gain an internationally recognized certification for our software locations, for example ISO 27001 for software and IT companies. We also offer advanced security measures for digital offerings. To do this, we are introducing mandatory security checks into the product development cycle and developing additional security precautions for our products.
The Hauni company in the Körber Business Area Tobacco was the first enterprise to receive ISO 27001 certification. Further certifications of our software companies will follow. In addition, a training offensive for secure software development was started in the individual operational areas in order to establish additional security tests in the development process. In a pilot project, security architectures are evaluated and concepts are developed to make the technology fit for future requirements from a security standpoint as well.
Security has top priority
We are establishing a security culture throughout the Group and sensitizing all areas and employees to the topic of IT security.
An initial educational campaign that has already been carried out is now being followed by regular training courses for our employees, which lead to increased awareness and the reporting of questionable e-mails, posts, and website activity.
¹ The following companies of the Körber Group were not covered by the two systems in 2021: Körber Supply Chain and Körber Digital