Information Security
Cyber Security
KODS 2030
100% of direct and indirect employees included in the digital language necessary to support the cybersecurity culture, ensuring the protection of personal and company data
Percentage of direct and indirect employees included in the digital language
Category | 2020 | 2021 | 2022 | 2023 (Preview) | 2030 Goal |
---|---|---|---|---|---|
Total number of direct employees | 15,037 | 17,436 | 18,394 | 17,739 | |
Total number of indirect employees | 2,304 | 2,723 | 2,200 | 2,400 | |
Trained direct employees | 8,340 | 8,659 | 10,739 | 15,864 | |
Trained indirect employees | 120 | 962 | 726 | 960 | |
% of trained direct employees | 55% | 50% | 58% | 89% | 100% |
% of trained indirect employees | 5% | 35% | 33% | 40% | 100% |
An awareness plan on the topic of cybersecurity was developed with the support of the Internal Communication, Klabin Business School, Legal and Automation Technology areas. This effort established a cyclical, ongoing awareness process that is kept up to date and flexible.
Below are the numbers of participants and viewers of the content created and developed on the topic of cybersecurity.
- 740 lectures and workshops;
- 3,727 training sessions conducted on the Klabin Business School (ENK) platform;
- 26,579 phishing email simulators sent;
- More than 5,000 views of security videos and internal podcasts on the topic.
The Cybersecurity Policy and primer are Klabin’s official documents that guide employees on the posture, good practices and duties required to maintain an environment with reduced risk of cyberattacks. All the content was developed based on the ISO27001 and IEC62443 standards, focusing on the following main topics:
1 – Information classification;
2 – Confidentiality and privacy;
3 – Workplace;
4 – Internet access;
5 – Social media;
6 – Email and communication apps;
7 – Intellectual property;
8 – Access;
9 – Backup;
10 – Incident.
In 2023, we increased the number of phishing simulation campaigns and, with the support of the Corporate Communication department, we sent out Cybersecurity articles to all users fortnightly, as well as conducting workshops related to the subject.
Undertaking goals linked to the topic by executives
Category | 2022 | 2021 |
---|---|---|
Managers | 6.0% | 3.0% |
Directors | 14.0% | 8.0% |
Total executives | 50 | 26 |
Cybersecurity Management is headed by a Chief Information Security Officer (CISO), who is accountable to the Information Technology Board, which in turn is accountable to the Executive Board and the Board of Directors. The topic is included in the Company's risk assessment and all initiatives are guided by standards, frameworks, and legislation applicable to the segment, such as: IEC:62446, ISO27001, NIST, CIS, LGPD, Brazilian Civil Rights Framework for the Internet. All this governance was designed to support control initiatives in the quest to reduce cybersecurity risks and ensure the confidentiality, integrity, availability, and authenticity of information with an integrated vision of the administrative and industrial environment.
Cybersecurity is responsible for identifying, assessing and reporting legal and regulatory, IT and cybersecurity risks, while supporting and promoting business objectives. During the process of creating the cybersecurity journey, aligned with Klabin's strategic drivers and market references on security, an internal framework was developed that objectively addresses these challenges and supports the digital transformation.
Mission: to ensure the confidentiality, availability and integrity of Klabin's information through innovative processes and solutions that provide real results for the business and allow the trust of customers, employees, society, and shareholders to be maintained.
Vision: to add value to the organization's image by increasing cybersecurity through efficient risk management with a focus on confidentiality, availability, and integrity of the information in the administrative and manufacturing environment.
Klabin created a method for measuring information security maturity, based on the ISO27001 and IEC62443 standards and the COBIT framework. All controls applied are monitored and evaluated against the maturity levels defined by COBIT (Control Objectives for Information and Related Technology, a set of practices for the management and governance of IT processes), as follows:
0 - Not implemented;
1 - Initial;
2 - Managed;
3 - Defined;
4 - Quantitative;
5 - Optimized.
In 2022, the measured level of maturity of the monitored processes stood at 3.6, an improvement compared to the level of 3.01 achieved in 2021.
The year was marked by the conflict between Russia and Ukraine, which was undoubtedly one of the most significant events of the year in terms of cybersecurity, particularly because it was the first major armed conflict in history to have significant repercussions in the cyber realm.
Updated and verified on: 12/26/2023
28/09/22