Cybersecurity is becoming increasingly important for companies, especially because of digitalization. Fresenius is no exception: its international IT subsidiary Fresenius Netcare is in the process of creating a global Cybersecurity organization. We spoke with Marius Fetzberger (Director) and Nikola Morgner (Senior Consultant) about the special challenges they face in this field. They also offered insight into their team and their everyday lives at work, and revealed where they currently see the greatest potential threats.
You both work in cybersecurity. Could you briefly explain what exactly you do?
Nikola: It’s kind of like protecting a house. We lock our front doors because we don’t want people to invade our living space and destroy or steal our possessions. Or we build a fence around our property because we want to keep strangers from trespassing. Cybersecurity is a similar concept, but a bit more complex.
Marius: In principle, it's all about understanding and defending against attacks, from both the inside and the outside. Hereby we always put the value of an information asset at the center of our defense strategies in order to implement effective and targeted security solutions.
Sounds logical. But I bet it isn’t easy at a decentralized company like Fresenius. Is that right?
Marius: Cybersecurity is a common concern and connects everybody. We try to take a holistic approach. We are bringing decision makers across all business segments together in order to develop a joint strategy and approach that will strengthen and protect our global brand and is in line with our strategic goals.
Nikola: IT at Fresenius is also about medical devices, products, and hospitals. We are part of a highly innovative business, which we support by recognizing important risks and developing the right risk response strategies in the context of digitalization and other business requirements. Every single Cybersecurity expert at Fresenius is a vital part to this.
Marius and Nikola in front of a dialysis machine from Fresenius Medical Care.
Nikola, you've been working for Fresenius for a very long time now. When did you first come across the topic of cybersecurity?
Nikola: That’s right, I’ve been working at Fresenius for 16 years now. I made a classic sideways career move into IT, as I originally trained as a doctor’s assistant. The IT field has always been really interesting to me, so I started going in this direction on my own. I started with the IT hotline, where I quickly discovered my interest in networks. After gaining additional experience, I then switched to the network department. Of course, security has always been an issue for networks; data lines need to be secured and firewalls need to be configured. The topic was exciting for me, so I took a further course in “ethical hacking” two years ago and then switched to Cybersecurity. I’m currently working to develop a global standard.
Let’s talk about “ethical hacking.” Could you briefly explain what that’s about and what role it plays at Fresenius?
Nikola: “Ethical hackers” work like real hackers, except that they don’t attack the systems and don’t cause any damage. They use this method to expose the holes in security and, in theory, see how far they come. At Fresenius, we work with medical IoT (Internet of Things) devices which are part of the network, so this issue is extremely relevant to us. Using these and other measures, we are ultimately contributing to the security of the company so that Fresenius can offer innovative and secure services for patients around the world.
Marius and Nikola speak with Christian from HR marketing.
What do you currently see as the greatest cybersecurity threats?
Nikola: “Social engineering attacks” currently pose the greatest threat. For many years, attackers have known that it isn’t the technology, but rather human beings that can be the weakest link in a security system. So they try to intentionally influence us to gain access to valuable, security-related information like passwords or sensitive data.
Marius: It's important that everybody is contributing to our overall security posture. We are working on innovative concepts to facilitate this and ensure each person is aware of their role as “human firewalls.” But the threat landscape changes every day, so we have to be flexible enough to adapt.
So is making cybersecurity accessible for all employees one of your main focuses?
Nikola: Yes, and I see it as a great challenge. Because of my history with the company, I have the advantage of already knowing several people here and have worked at many of the international Fresenius locations. So I know from my experience that the requirements for certain security measures are not the same everywhere, and we need to take this into account. We must understand the Fresenius world and its people. It’s also particularly important to tailor our “human firewall” strategy to different cultures.
That’s probably easier said than done. What else are you working on at the moment?
Marius: We are trying to expand our management system for Cybersecurity globally. It should help us to create a global standard and establish one level of security. We are also in the process of developing a “Cybersecurity Dashboard” that will enable us to achieve global transparency with regards to the threat landscape at Fresenius. During this process, we will rely on innovative approaches like artificial intelligence and automation to make our detect and respond capabilities more efficient. And of course the European General Data Protection Regulation (GDPR) is on our radar. Our IT systems need to be equipped with privacy and security by design principles to meet GDPR requirements. We need to factor these requirements in when developing systems and services in the future, even though we already have very high standards for information security. After all, we do work with sensitive data. We are not only protecting our customers, but also the people who need help and put their data into the hands of our customers.
Nikola and colleague Daniel discussing the design of the Cybersecurity Dashboard.
That sounds very exciting! What is a typical day at work like for you?
Nikola: There are days when I block time for theoretical work. Other days there may be several meetings where we advise customers on proper risk response strategies. We have many projects, and I am involved in quite a few of them.
Marius: Fresenius is very international. We are always collaborating with colleagues at locations worldwide.
Speaking of colleagues, how is your team organized?
Marius: We are constantly growing, and our goal is to further develop and expand the team over the next two years.
Nikola: What I think is great is that everyone is assigned tasks that play to their strengths and the level of responsibility that they are ready to take on. Each person has their specific areas of expertise, but we also work together on everything – it is really an enjoyable atmosphere. And we also spend time together after work, grabbing a drink or a bite to eat.
Marius: We really depend on everyone feeling comfortable enough to contribute ideas and make use of their capabilities. Our atmosphere and culture must promote a creative, flexible way of working and thinking. Especially in the field of Cybersecurity, jointly developed approaches are often the solution to mitigate Cybersecurity threats.
The Cybersecurity Team of Fresenius Netcare (from left to right): Marius, Daniel, Nikola, Bastian, Thomas (responsible for data protection)
What qualities do you look for in someone who might want to work on your team?
Marius: You should bring knowledge related to Cybersecurity. If you've worked in Information Security, IT security, or a related field, that’s a good place to start. What’s most important, though, is that you can apply these skills in such a way that our business understands exactly what added value you can bring to the table. In our company it’s also helpful if you are open-minded, enjoy communicating with international colleagues, and understand and value cultural differences. Since we work very openly and creatively in our team, it’s important to be able to see the bigger picture and express passion for your work.
Why is Fresenius an exciting place to work?
Marius: First of all, because of its size, products, and especially its international diversity. And also because we are making a difference in society by working in the healthcare industry.
Nikola: At Fresenius, the patient’s well-being always comes first, and it’s exciting to contribute to that with Cybersecurity. For me, the healthcare industry is the most interesting field you can work in.
In conclusion, is there a particular Fresenius experience that you are especially proud of?
Nikola: I am generally very proud of what we do at Fresenius and of how the company has been developing.
Marius: Every single department at the company tries to live the philosophy “Forward Thinking Healthcare.” Seeing this every day really makes an impression on me. And it makes me proud to be part of this community that strives to create a better healthcare experience.