Prevention and cure
We dedicate significant time and resources to cyber security
DSV is reliant on IT. Virtually all our business and information is processed through IT systems. For that reason, system breakdown is a serious matter that can lead to significant losses and inconveniences – depending on the timing and length of the outage.
The threat from malware and phishing is real and increasing, and DSV has dedicated many resources to counter, monitor and control these threats. We are dedicated to minimising risk as much as possible - both organisationally and technically.
Our setup includes a Security Operation Centre whose purpose is to monitor, detect and report on any type of security event entering our systems, and we work with external cyber security partners to ensure that we include the latest knowledge in our countermeasures.
Furthermore, we have designed our data centres and network to be resilient to attacks – both physically and in terms of cyber-attacks.
A multi-factor defence
Our strategy has shifted towards detecting and containing rather than just shielding – because it’s impossible to keep out malware entirely. Anti-virus and intrusion prevention are still very much in place, but we have also introduced measures to prevent any intruding virus from spreading within our network.
At the same time, we are careful not to neglect the core aspect in case prevention fails. Disaster recovery is a key part of the overall plan, and our capabilities are constantly being improved based on the current level of threat.
Even the best cyber security setup is no guarantee
In general terms, our cyber security approach is defined by the following key points:
- Prevention technologies from market leading security companies
- Segmentation of our global network to prevent any attacks from spreading to the entire network
- Standardisation and consolidation of systems to ensure that our portfolio of systems is manageable and updated with latest security patches
- Redundancy of data centres to ensure that we can keep operating even if one of our centres is hit
- Defined and tested disaster recovery processes, in case our line of defence is breached
- Major incident management procedures ensure that we can act fast in case of a cyber-attack
- Governance, policies and controls are based on – but not limited to – the principles of international standards such as ISO27001, ISO27002 and SANS Critical Security Controls
Needless to say, there are a lot of processes and procedures under this framework, and it is important to highlight that even the best cyber security setup provides no guarantees.
Contact Thomas Zakarias, CISO / Senior Director, Group IT Compliance