Profitable companies are partic­ularly at risk

Many companies operate in complex, global and digital ecosystems – and that offers a growing number of potential targets for cybercriminals.

While digitalized infrastructures advance industrial companies and the economy, they also provide an enormous sphere of activ­ity for criminals. In Germany alone, the number of cyber­attacks in 2019 increased by more than 15 percent to over 100,500 compared to the previous year. Cyberattacks have become a criminal business model that costs companies billions every year, making cybersecurity risks one of the leading risks compa­nies face today. Cyberattacks can take a variety of forms, from data theft and ransomware to system takeover with potentially far-reaching repercussions for production processes and supply chains. In the worst-case sce­nario, loss of information can have eco­nomic consequences or damage reputa­tions. The impact of the COVID-19 pandemic has brought about a new momentum in IT security. Cybercriminals tend to respond quickly to socially relevant topics and trends – and adapt their attack campaigns appropriately.

According to Stefan Tittel, Head of Group IT at Symrise, related phishing activities have been seen since the beginning of the pandemic. “Emails are one of the most important interfaces to customers, sup­pliers and service providers – and at the same time the biggest gateway,” says the expert. To bring more at­tention to the issue, Symrise Group IT launched a global phish­ing campaign in 2019 that high­lighted characteristics of mali­cious emails because education and prevention are extremely important to combat this. “We showed employees how they could tell that it was a phishing email and set up a security con­cept under the guidance of Jesse Sonne, IT Compliance & Secu­rity Manager,” explains Stefan. “It may be the sender, a suspi­cious link or a latently aggressive and pushy tone of voice – the identifying features of a phishing email vary. The high level of participation and the overall increase in attention show us that Symrise employees are becoming more mindful and more cautious,” Jesse concludes.

It is important that every employee knows the safety rules and acts strictly according to them.

Stefan Tittel, Head of Group IT

Nevertheless, there was a cybersecurity incident in the global IT networks before Christmas. The global teams reacted im­me­­diately and worked intensely to devise a strategy to deal with the incident in close coordination with external security spe­cialists. The highest priority here was the fastest possible restoration of im­portant IT infrastructures and business processes as well as the sustainable pro­tection of individual systems. Accord­ingly, initiatives included in the IT strat­egy were brought forward and launched immediately. A security incident response center was set up in a very short time to implement necessary security mea­sures. For example, all Symrise employees who have a com­puter workstation were urged to come in for a security update before the holidays. The update checked whether the computer was affected by the cyber­security incident and at the same time in­stalled additional security software. Likewise, employees were reminded to be vigilant against phish­ing attempts and to strictly follow the general security guide­lines from Group IT. “Many cyberattacks are less sophis­ticated techno­logically and don’t rely on network gaps – phishing emails will do.

Technological tools cannot replace com­mon sense and a little skepticism. IT security must be understood as a holistic topic,” explains Stefan. The origin of the incident is being investigated at the same time. “This is why we have to be careful with detailed information about our measures,” says Stefan. Comprehensive and thorough investiga­tions are underway, in­cluding by authori­ties, which have not yet been completed. Companies like Symrise that report cyber­security incidents also receive support from the German Federal Office for Infor­mation Security and the German Federal Office for the Protection of the Consti­tution. ­ The intensive analysis and knowledge gained from the incident at the Holz­minden site made it possible to apply this under­stand­ing to the international sites and successively restart the systems and production processes. This enabled a rapid return to smooth communication with customers, suppliers and other business partners.

You can find all the UN Sustainability Objectives in the SymPortal:

© Symrise All rights reserved 2020