DSV is reliant on IT. Virtually all our business and information is processed through IT systems. For that reason, downtime is a serious matter that can lead to serious losses and inconvenience – depending on the timing and length of the outage.
The threat of malware is real and constant and something DSV dedicates many resources to counter, monitor and control. We are satisfied that we have taken the necessary steps to minimise risk as much as possible - both organisationally and technically. This is of course a continued process.
Our setup includes a Security Operation Centre whose purpose is to monitor, detect and report on any type of malware entering our systems – and we work with an external cyber security consulting firm to ensure that we include the latest knowledge in our countermeasures.
Furthermore, we have designed our data centres and network to make them resilient to attacks – both physically and in terms of cyber attacks.
A multi-factor defence
Our strategy has recently shifted towards detecting and containing rather than just shielding – because it’s impossible to keep out malware entirely. Anti-virus and intrusion prevention is still very much in place, but we have also introduced measures to prevent any intruding virus from spreading within our network.
At the same time, we are careful not to neglect the cure aspect in case prevention fails. Disaster recovery is very much part of the overall plan and our capabilities is constantly being improved based on the current threat view.
Even the best cyber security setup is no guarantee
In very general terms, our cyber security strategy can be summed up as follows:
- User information to ensure safe behavior on all our platforms.
- Prevention technologies from market leading security companies.
- Segmentation of our global network to prevent any attacks from spreading to the entire network.
- Standardisation of systems to ensure that our portfolio is highly manageable and up to date.
- Redundancy of data centres to ensure that we can keep operating even if one of our centres is hit.
- Disaster recovery, in case our line of defence is breached.
- Major incident management procedures ensure that we can act fast if DSV is hit by a cyber attack.
- Governance, policies and controls are based on – but not limited to - the principles from international standards as ISO27001, ISO27002 and SANS Critical Security Controls.
There is a lot of detail, processes and procedures under this framework of course, but it’s important to highlight that even with the best cyber security setup in the world, there are no guarantees.
In the event of an attack, we will activate our contingency plans, including disaster recovery protocols and emergency communication setup to keep stakeholders informed of any ramifications.