Always on guard
At DACHSER, protecting data and systems is a top priority. Christian von Rützen, Department Head IT Strategy Implementation at DACHSER, explains the current and future challenges facing information security. He and his international IT security team have several areas of responsibility, including managing information security at DACHSER.
Mr. von Rützen, why is IT security important in logistics? What different aspects does that term cover?
Christian von Rützen: In a digitalized world, greatly complex and highly optimized value chains can function only if the corresponding data also flows in parallel with the flow of goods. This data must be available, accurate, and sometimes confidential as well. It must also meet all legal requirements worldwide. Availability, integrity, confidentiality, and compliance: at DACHSER, we rigorously align IT security to these four dimensions.
DACHSER has been certified to ISO 27001, the internationally recognized standard for information security, for almost ten years now. How has IT security developed over that time?
DACHSER has seen strong growth over the past decade. We have become even more international, we have integrated and standardized our IT systems worldwide, and we build sophisticated interfaces to our customers’ systems. Last but not least, the committed efforts of Corporate Research & Development give us a sizable innovation boost. In this dynamic environment, it’s enormously important to have sound processes in security, such as when it comes to assessing risks or dealing with vulnerabilities and incidents. Fortunately, we established these processes quite early on through the ISO 27001 certification, and were able to weave them into everyday operations.
Have the threats increased over time?
The pattern of attack attempts has been broadening for several years. Judging by the quality and quantity of these attempts, it’s clear that organized crime is becoming increasingly professional. At DACHSER, we also see all the attempted attacks to which active users are exposed on the internet—and these are increasing. For example, we’re seeing numerous attacks by e-mail. In some cases, these even come from the addresses of actual business partners whose systems have been successfully hacked.
Department Head IT Strategy Implementation at DACHSER
How is DACHSER positioned in terms of IT security?
On a fundamental level, safety is a team effort. One part of the team is devoted to the management of information security, which uses a risk-based approach to define the rules and specifications and verify that they are being complied with. Then we have the Security Operations Center, which detects and defends against attempted attacks at an early stage. Ultimately, all IT teams and all users contribute to security in their respective work environments. The key is for information security management to maintain close contact with the teams involved and affected. All those involved rise to the challenge as their tasks evolve, and they continue to develop in order to keep pace with the changing requirements.
How can every individual and every company contribute to improving cybersecurity?
Security is always the result of the interaction of technology and the correct operation of that technology. This is true outside of IT, too: it’s not enough to have a lock on your front door—you also need to lock it and not keep a spare key under the doormat. That’s why it’s impossible to overestimate the contribution that every employee makes on a daily basis. This primarily involves three aspects: exercising a healthy amount of caution and awareness when dealing with e-mail and the web; reporting incidents; and following security policies.
What do customers expect from DACHSER regarding IT security, and how are these expectations changing?
Just like us, our customers are in the midst of the digital transformation, significantly expanding their IT systems or building them from scratch and creating new valueadding interfaces. This innovation surge is taking place in a mature global IT industry. In contrast to the dot-com boom a good 20 years ago, there are now huge sums and the functioning of entire economies at stake. That’s why security and reliability are indispensable in this dynamic innovation phase. As I said, this applies equally to our customers, our partners, and ourselves.
IT security reflects the challenges of the digital transformation: protect what’s already there while creating something new, and make sure all stakeholders are involved and on board. We see keeping these three in balance as the greatest challenge of the coming years. Security-related aspects must be taken into account more than ever in order to successfully transform corporate IT into an orchestrator of software products; in other words, managing in-house systems in line with the best applications available on the market.
Certified IT security:
The internationally recognized ISO 27001 standard describes the secure handling of information in a company. It covers all aspects of information security: the technical disciplines of virus protection, anti-spam filters, and security of internet applications; fail-safe security and contingency planning; and organizational aspects such as confidentiality regulations or guidelines governing acceptable IT use. Continuous improvement must be demonstrated in annual audits to renew certification.