Cybersecurity and IT Security
Strategy
IT security is very important for Covestro and is designed to ensure data confidentiality, integrity, and availability. At the same time, a global increase in cyber threats is evident. Cybersecurity is aimed at ensuring a robust defense against attacks.
In addition to the safety and security of employees and plants, information security and uninterrupted workflows are particularly important to Covestro. We therefore systematically focus our security strategy on these targets, paying attention to the attacker groups.
The attacker profile has changed significantly in recent years, with attackers from the organized crime sector now representing the largest group, often attacking people or systems exposed on the internet, i.e., accessible from the internet. Due to the current geopolitical situation, the focus has also shifted to the group of state actors.
Governance
Covestro has established a central information security committee to ensure close consultation among the relevant departments (Corporate Security, Information Technology and Digitalization, and Information & Operational Technology Security, including Cyber Security and production).
Further decision-making and management bodies focusing on risk, compliance, and crisis management as well as on information security management are firmly established at Covestro.
Security is already taken into account during system and software development (security by design) and Covestro’s security requirements (standards, policies) are based on international standards such as ISO 27001 and IEC 62443.
Actions
A central anchor point of our security architecture is to raise awareness among employees and train them by conducting global campaigns and compulsory web-based training on topics such as phishing or the secure use of web browsers.
We use modern IT tools in continuous security monitoring processes to detect any attempts to attack our IT systems, and continually improve these tools. Monitoring is performed by an in-house team of security experts at our Security Operation Center (SOC). The aim is to detect anomalies and suspicious events in our IT infrastructure in real time, and these may also be indications of cyberattacks. We carefully analyze and assess such indications and, if necessary, appropriate countermeasures are taken promptly.
Every month, our central security email inbox receives a triple-digit number of reports by employees about suspicious emails, so that any current attack campaigns that may have evaded the technical measures can additionally be detected.
For our cloud environment, risk-based security tests are carried out on a continual basis, as are unannounced security gap reviews (using techniques such as red teaming).
Covestro gets information on the general security situation, e.g., from security experts and by using the consultancy services of appropriate external providers, for example with regard to potential cyber threats (threat intelligence).