Information security is the practice of protecting information by mitigating information risks. Cyber security is the practice of protecting critical systems and sensitive information from digital attacks. Cyber resilience is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. These are the dimensions companies are permanently working on to reach an adequate level of protection.
Current state
For years, most business organizations have incorporated information security into their daily work. Unfortunately, in recent years, cyber security has become one of the top ten risks for businesses worldwide [67]. Attacks against companies are dramatically soaring in number, quality and scale. Nowadays it no longer seems to be a case of “if you get hacked”, but “when you get hacked”.
Lenzing, its partners and suppliers, are all impacted by the various social, organizational and economic impacts of the ongoing pandemic crisis. Many companies (especially small and medium-sized companies) are increasingly migrating their IT workstations to cloud solutions. Vendors of IT-software and especially providers of IT and/or business services (cloud providers) are required to support governmental agencies and current customers on site. In addition, they have very high numbers of new business customers waiting to be taken on.
Criminal groups are specializing in various specific matters and offering their expertise for sale as a service. Stolen credentials, credit cards, known flaws in software/hardware/services are for sale on blackmail shopping portals in the undocumented part of the internet or the dark web. Even attacks, such as denial of service or ransomware as a service, can be purchased as easily as on the public internet. During successful attacks, sensitive data is often stolen and companies are blackmailed to pay high ransoms.
There is the alarming trend of cybercrime evolving into a criminal economy too – studies estimate attackers are generating annual revenues of EUR 1.5 trillion, which is roughly equal to the GDP of Spain [68].
What does this mean for Lenzing? Is the company immune to such negative trends? Quite simply, the answer is “no”. As a global company, Lenzing is inter-connected with numerous business partners, authorities, customers and consumers at its numerous sites. During the last year, companies in Lenzing’s reach were hit by cyber attacks, causing a disruption of services and commerce and the closure of production sites.
Like many other companies in the world, the Lenzing Group has invested heavily in improving cyber resilience and information security. Existing security concepts have been challenged and adapted to the new normal. However, Lenzing not only relies on technical protection measures, but also strongly focuses on the awareness of its employees. Cyber security is not a project, but a permanent endeavor for the entire organization.
Information Security Policy
Protection of information is therefore a vital activity to each and every employee, contractor or business partner of all the Lenzing Group’s companies in order to proactively maintain and improve an appropriate level of security for all kinds of information processes. The Information Security Policy promotes a risk-based approach as key to achieving global compliance with information security and data protection. In doing so, Lenzing is balancing the rights and needs of the company, society and individuals.
Within the framework of this policy and applicable legal regulations, several directives/guidelines are in place, which are monitored and reworked on a regular basis, including:
- Lenzing Global Code of Business Conduct
- IT User Directive (secure use of the IT systems and the basic principles of data security measures)
- Smartphone Directive (mobile devices)
- Terms of Use for Private Mobile Devices
- Know-How Protection Directive (including classification of data and its processing)
- Secure storage of personally identifiable information
- Cyber Defense Operation Handbook