Activities to fight cybercrime
As a consequence of last year’s assessment of Lenzing’s abilities along the Cyber Security Framework, several short- to medium-term activities to improve cyber resilience within Lenzing’s security program were started.
Examples of some of the activities that can be shared publicly are listed below.
Human factor: the best firewall
As outlined above, technical measures are important but cannot provide full protection in all situations. This is why empowered and security-conscious employees are essential as the first line of defense. Lenzing carries out several activities to promote these skills, including:
- Regular awareness initiatives through news articles on the intranet
- Regular information via group mails, info-screens and departmental or town hall meetings
- Ad-hoc information in the event of relevant observations in the neighborhood
- Tailored face-to-face trainings for IT employees, HR teams, finance, and accounting
- Keynotes at (virtual) corporate department summits
- Line for reporting any security concerns, questions, or potential fraudulent activities (including giving feedback and advice on topics raised)
- Security e-learning for each and every IT user
- Privacy e-learning for each and every IT user
The consciousness and awareness of Lenzing’s IT users have led to more than 230 reports on potential spam, phishing/malware, and fraudulent mails/calls/contacts worldwide in the reporting year.
Continuous improvement: paradigm for all activities
Targeted technical and organizational measures have been in place for several years to ensure data protection and combat data theft, the manipulation of business processes, and other forms of internet crime. As technology evolves and the number and sophistication of attacks constantly increase, Lenzing is employing its best efforts by regularly checking and improving the appropriate measures at a similar pace.
Achievements of the year
Lenzing performs annual penetration tests to assess security measures. These tests, performed by highly skilled external partners, result in service improvement plans (SIPs). In addition, external security scorecard systems are frequently used to gain feedback from outside the company. Regular background checks are performed to search for potential threats, disclosures on the dark web, or hacked accounts. All findings revealed by such assessments, tests, and reported incidents result in a security review, risk assessment, and, subsequently, corrective action.
There was a slight decline in “zero-day vulnerabilities” in terms of numbers, but not in terms of impact. There were 46 zero-day vulnerabilities (compared to 89 in 2021) for IT vendors, of which 22 (compared to 43 in 2021) were found in widely used products from tech giants such as Apple, Adobe, and Microsoft.
Ransomware and nation-state hackers use the disclosure and exploitation of vulnerabilities in enterprise resource planning (ERP), mail, collaboration, and knowledge-sharing tools as a means to harvest data and account information. To counter this, Lenzing emphasized the fast rollout of client and server patches to keep pace with the dramatically shortened times to exploit (and attack). Several campaigns included mobile device update cycles as well.
Since almost two thirds of ransomware attacks are orchestrated by phishing mails, Lenzing provided specific awareness information and e-learnings about phishing to its employees and subsequently tested the results in a phishing test. Lenzing also intensified its technical endeavors in this area. The IT infrastructure teams implemented additional safeguards on Lenzing’s IT assets during the year to improve security hygiene and to reduce the risk to everyday operations.
A vulnerability management process was implemented, as mapped out in Lenzing’s information security program, further increasing the pace with which the IT team closed open vulnerabilities as well as the visibility of the IT team. The still-high number of newly revealed vulnerabilities as well as revoked or reissued patches kept the teams incredibly busy. However, the hard work enabled Lenzing to achieve key milestones towards improved threat detection and response capabilities. This quantum leap will help to detect and respond to attacks faster.