Protecting value: Cybersecurity at Körber

Digitization makes processes faster and facilitates global business. Unfortunately, this also applies to criminal activities.   That’s because data thieves and extortionists also benefit from digital progress. Emails and messengers, social networks, tools for digital collaboration, mobile access to data and, last but not least, millions of downloads every day — all of this offers hackers a constantly growing target for attack. Given the increasing reliance on digital systems, the World Economic Forum (WEF) now rates data theft and network sabotage as a serious threat to society. According to the WEF Global Risk Report, the spread of extortion ransomware alone increased by more than 430 percent worldwide in 2020. 

Companies from all sectors can be targeted. “Today’s hackers are usually well informed. They know where an attack is worthwhile and systematically look for weak points,” says Andreas Gaetje. As Körber’s Chief Information Security Officer (CISO), he is responsible for group-wide digital security. The office software is under his protection, but that’s not all. As digitization progresses, production IT (operational technology, OT for short) must also be protected against external attacks, Gaetje explains. “We store and transport increasing amounts of data for our customers. They want to be assured that with us they are in safe hands,” he says.

Protecting companies and data from cyberattacks is vital — not only for business reasons. It's also about trust — that of customers, employees, cooperating companies and suppliers, and ultimately society as a whole. The responsible, proactive handling of cyber risks is therefore a key principle of sustainable governance for Körber — along with environmental and social aspects. As a technology leader, Körber has a special responsibility. “Our clearly defined, risk-based Information Security Management System (ISMS) is based on international standards such as ISO 27001. All of the measures are continuously checked and constantly adapted to meet changing threats,” says Gaetje.

Körber continuously invests in security-related technologies, expertise, and training in all areas of the company. For example, at the Cyber Defense Center (CDC) in Porto, which was set up in 2020, a team of data security experts is exclusively responsible for monitoring and threat prevention. These IT professionals monitor the global threat situation in order to identify and close security gaps as quickly as possible.

The coronavirus pandemic and the resulting widespread work from home increased the attack opportunities for hackers — and with them the challenges in the area of information security. Körber reacted in good time and prepared itself for the decentralized world of work. Advanced AI-supported security tools are used to secure local terminals, emails, and data traffic. New software applications are systematically tested for potential vulnerabilities during development, and internal teams of developers are continuously trained to deal with security aspects.

Not only in the IT departments but in all areas of the company, Körber consistently relies on regular training courses to continuously sharpen the attention and security awareness of users within the Group. In the training courses, employees receive for instance fake phishing emails, in order to raise their awareness for the increasingly sophisticated methods used by hackers. Körber is continuously updating and expanding its extensive internal range of information on topics such as the responsible handling of data, password security, fraudulent attempts at manipulation (social engineering), and correct behavior. 

After all, “even the best technology can never offer 100 percent protection,” says Andreas Gaetje, adding, “and if something does happen, it is crucial that we are well-positioned and that we have clearly defined processes in place that enable us to contain the attack immediately and get back to business as quickly as possible.”