"The Russian attack on Ukraine has prompted us to take emergency management for the security of our information technology (IT) to an even higher level," says Tonio Schmetz, IT Security Manager at a. hartrodt in Hamburg. The family business adheres to the recommended measures of the Federal Cyber Security Authority (BSI), which recognizes an "increased threat situation for Germany". Cyber-crime phenomena include phishing emails related to the Ukraine war. "We are offering all forces to protect customers from problems," Schmetz states clearly.
Cyber attacks with possible side effects
While, according to the IT news service "heise online", a group of Russians is behind the "Dridex" hacker group, Schmetz is not only observing Russian cyber attacks: "Even if Ukrainian hackers attack Russian IT, that can have side effects on us." In early March, the shipping company Hapag-Lloyd was the victim of a possible spear phishing attack. To prevent failures of critical infrastructures in the transport sector, a. hartrodt pays high attention to IT security.
Phishing training, mail filter, customer audit
The focus of a. hartrodt is on ongoing, internal phishing training for around 2,000 employees worldwide. "Via our multilingual web portal, we send out mails that are intended to intercept sensitive data," explains Schmetz. The aim is to ensure that employees do not click on malware, but report it. An external data protection officer is on hand to provide advice. In addition, a. hartrodt intensively uses mail filters that automatically hide malware. Furthermore, the systems are monitored preventively and continuously with a Security Operation Center. There are also audits with customers on security requirements such as access control to forwarding systems, availability and quality of backups or patch management for updating systems.
Schmetz has been managing digital projects for a quarter of a century, and security is a "matter close to his heart". He is currently working flat out on ISO 27001 certification for a. hartrodt's IT security management system.