The global spread of the SARS-CoV-2 virus in 2020 led to a 3.5 percent decline in global economic output compared with the previous year. In the wake of varying resilience of sectors, there has been increased discussion of the opportunities of digitalization for the economy, for example through home office and automation, and calls for more digitalization. However, according to the team of authors of the new study at RIFS in Potsdam, this raises the question of whether the degree of digitization can actually be linked to the economic performance of economic sectors during the crisis. This is because there is little evidence of a correlation between the socioeconomic performance of sectors and their degree of digitization, they say. Although the study refers to the situation in Germany, it certainly allows conclusions to be drawn about the Swiss economy, which had to contend with similar conditions during the pandemic.

Government support may have increased resilience

The researchers used stock market performance, gross value added (GVA) and employment data to analyze resilience and compare it to the degree of digitization of economic sectors in Germany in the pandemic year 2020. Their question: What differences can be identified in socioeconomic resilience between more and less digitized economic sectors in the Covid 19 crisis in Germany?

The study results cannot confirm that highly digitized sectors were consistently more resilient than less digitized sectors during the Covid 19 crisis, according to the RIFS team. Sectors with high and medium digital intensity did show better stock market performance than those with low and medium digital intensity. However, the high fluctuation and uncertainty in the stock market was detrimental to the resilience of the economy, they said. Industries with low digital intensity, on the other hand, performed better in terms of gross value added and employment than those with high and medium digital intensity, with the exception of the information and communications sector. Specifically, the data showed that low- and medium-digital-intensity industries - such as public administration, education, defense, health, social work, and construction - were the only ones that saw employment increase during the pandemic, with the exception of the information and communications sector.

"The observations ultimately led to the thesis that digitization may not be a panacea for achieving social and economic resilience in the economy in times of crisis," says first author Stefanie Kunkel. A positive correlation of digitization with stock market values is relevant for investors, she adds. However, it was precisely 'people-oriented', public sectors such as health and education - with lower levels of digitization - that seemed to contribute more stably to value creation and employment during the crisis. However, the authors around Kunkel pointed out in the study that it was not an analysis of causal relationships. One of their conclusions: Government support plays a significant role in the resilience of sectors in the crisis - some studies go further and conclude that government support is possibly the main reason for resilience in the crisis.

Recommendations for the economy

A policy that focuses only on promoting digitization in order to mitigate future crises could prove misguided. Digitization not only leads to changing occupational profiles, potentially favoring better qualified workers and leading to greater wage inequality, but also poses ecological risks such as increased energy and resource consumption. Instead, resilience policies and financial support programs in times of crisis should focus on strengthening social and environmental resilience by targeting sectors that promote stability and support a broader socio-ecological transformation in line with international sustainability goals, such as the United Nations Sustainable Development Goals.

Recommendations for companies

For companies, the team recommends that managers create work environments in which remote and on-site tasks are evenly distributed among employees to avoid widening the digital divide among the workforce in times of crisis. In terms of environmental goals, digital technologies should be used to measure environmental parameters, reduce energy and material consumption along the supply chain, and identify greener business models, for example in the context of the circular economy. In this way, employees in future crises could benefit more evenly from digitization, improve their digital skills, and reconcile social, economic, and ecological goals.

With this analysis, the question for future crises could already be asked today: What factors enable the digitization of industries to support the achievement of goals such as well-being and environmental protection? Now and in the future, a change toward higher ecological standards should ultimately be initiated, because the past crisis alone did not lead to this.

Source: RIFS

The consequences of a cyber attack can be devastating. They range from financial losses to reputational damage to legal repercussions. And the risk is increasing. Latest Studies confirm that ransomware attackers succeed in encrypting data in 71 percent of attacks and that the overall cost of recovery doubles when a ransom is paid. In addition, data is also stolen in 30 percent of ransomware attacks in Germany.

The good news: companies can protect themselves against this by taking into account the five pillars of cyber resilience: identify, protect, detect, respond and recover. However, mistakes keep happening in the implementation of cyber resilience, which subsequently imply supposed security - just long enough for cybercriminals to find a gap in the seemingly secure wall of protection and cause major damage. The experience of Arcserve's data security and recovery specialists shows that there are usually three mistakes in the affected companies that lead to high risk and subsequently contribute to damage from cyberattacks.

The value of digital data is underestimated

One of the most consequential mistakes in cyber resilience efforts is that organizations misjudge the importance and value of their data. To realize the strategy of cyber resilience in cybersecurity, it is essential to fully understand the exact value of data, including intellectual property, customer data and proprietary information. Only then will leaders realize the importance of data to the business and what resources, budgets and solutions are needed to protect it. Often, insufficient awareness leads to inadequate protections, such as weak passwords, outdated software, and inadequate access controls, exposing the business to cyber threats in the first place.

The fact is that with the increasing reliance on digital technologies and data-driven decision-making processes, digital assets are more valuable than ever. Nevertheless, cybercriminals are on the hunt for this very data, because in addition to encryption, business interruption and ransomware, it can be sold underground at horrendous prices. Organizations should therefore conduct a thorough risk assessment to identify their most important assets, better understand potential Achilles heels, and implement robust security policies to protect data. These measures should include continuous monitoring, patching and updating systems and software, and implementing strong authentication mechanisms and encryption protocols.

Companies should also pay particular attention to checking potentially outdated operating systems and applications. This is because these can represent a significant problem and gap in the data security strategy - for example, if a backup provider cannot support the outdated operating systems. It's important to assess how many legacy applications are running on older operating systems and whether they can be backed up. If a company is still running legacy applications - perhaps forced to do so - and they cannot be backed up, it is essential to solve this problem to ensure data protection and security.

The ineffective management of risks by third parties

Many companies increasingly rely on third-party vendors, suppliers and service providers to support their business operations. These external partners often have access to critical systems, data and networks. But not all third-party providers have a solid cybersecurity structure in place and can become a critical vulnerability or gateway for cyberattacks.

Organizations often fail to thoroughly assess the cybersecurity of their third-party vendors and ensure that they adhere to at least the same security standards as they do. Poor cyber resilience at third parties can create vulnerabilities in the cybersecurity chain. This gives cybercriminals the ability to exploit vulnerabilities in third-party systems and gain unauthorized access to a company's data or systems through the digital chain (supply chain). Comprehensive due diligence on third-party vendors provides a remedy. This assesses their cybersecurity capabilities, which simultaneously leads to solid contracts and agreements that clearly define security expectations and responsibilities. Of course, this one-time status quo does not last forever. Regular audits of third-party vendors ensure that they do not slacken in their security efforts, but rather adapt and evolve their security in light of the ever-changing threat landscape. Incidentally, such audits are also the basis for compliance with data protection regulations.

Third-party cyber risk is particularly acute for organizations operating in a hybrid cloud environment. This is because supporting different cloud platforms and ensuring that they work well together can be complex and result in security breaches. The solution: organizations should develop an appropriate data protection and recovery strategy for their hybrid cloud environment. This includes choosing a cloud storage solution that provides continuous snapshots, multiple recovery points and security controls for private, public and SaaS environments.

Contingency plans without testing are rarely good in an emergency

Companies invest considerable resources and budgets in the development of emergency plans. The goal is to nullify or at least mitigate the effects of cyberattacks in an emergency. However, such plans often disappear in a drawer without further review or continuous adaptation until one day they are needed. By then, however, it is often too late, because no one knows whether the plan will actually work, since neither the interaction of employees and technology has been tested and practiced, and because too many general conditions have changed significantly since the plan was created. Experience shows that incident response strategies and plans are only effective if they are regularly tested, refined, and updated based on evolving cyber threats and changing business needs.

To eliminate this problem and to determine the effectiveness of emergency plans, companies should regularly conduct exercises or simulated cyberattack scenarios. These exercises help identify gaps and weaknesses in the plans and make necessary adjustments. This includes a detailed evaluation of the tests to determine the effectiveness of the response and potential for optimization. This continuous feedback loop is critical to improving an organization's response capabilities and the effectiveness and relevance of its plans.

Conclusion: Safe with security

One thing is clear: as the threat landscape evolves, organizations must avoid mistakes in their cyber resilience efforts. Understanding the value of data, effectively managing third-party risks, and actively testing contingency plans on a regular basis are the foundation for functioning and robust cyber resilience.

Author: 
René Claus is EMEA MSP Sales Director at Arcserve.

The German company Faulhaber is known for drive solutions that are used worldwide. For example, in medical and laboratory technology, optics, automation and robots of all kinds. Motors from this manufacturer have even been used on challenging Mars missions. From the very beginning, Faulhaber has specialized in solutions that are as small as possible, but with powerful drives. The company was founded in 1947 and settled in Ticino, Switzerland in 1962. Faulhaber Minimotor SA in Croglio was followed by Faulhaber Precistep SA in La Chaux-de-Fonds, in western Switzerland. Other production sites are located in Bioggio and in Grenchen.

Shared vision to strengthen brand

The new joint appearance unites the Swiss subsidiaries into one company under Faulhaber SA. The merger of the companies is part of a new strategy to increase Faulhaber's market presence and competitiveness in Switzerland and internationally in the long term. The two managing directors Dr. Jonas Grossenbacher (La Chaux-de-Fonds) and Steffen Pruchnik (Croglio) have been jointly heading Faulhaber SA since June 2023. "By merging to form Faulhaber SA, we are pursuing the goal of further expanding our market share," says Co-Managing Director Steffen Pruchnik.

Nothing changes for employees

The employment contracts and conditions of employment of the total of more than 450 employees at all locations in Switzerland will remain unchanged. Jonas Grossenbacher, Co-Managing Director, is also looking forward to new challenges and a breath of fresh air: "I am particularly pleased that the merger will bring us closer together and enable us to pursue a common strategy. The challenge now will be to network and manage four sites in three cantons in the best possible way." But the company's management is positive that its market share will develop positively in the coming years. Particularly in the area of customer-oriented special solutions, the company has been a reliable partner in the industry for many years.

Source and further information

PwC estimates that the global volume of cashless payments will increase by more than 80 percent between 2020 and 2025, reaching nearly 1.9 trillion transactions. The rise in bank transactions in traditional e-commerce pales in comparison to the explosion in subscription e-commerce - a market that is expected to grow from $72.91 billion in 2021 to $904.2 billion in 2026, with a CAGR of 65.67 percent. There is ample evidence that modernization is high on the agenda. However, the explosive growth in transactions places a new emphasis on renewing systems to handle demand. Banks have little tolerance for technology transformation initiatives that take years to deliver even incremental improvements in scalability and resiliency, customer experience and operational efficiency. Far too often, initiatives do not address the root cause, which is fixing the technical debt.

Every bank needs to get its risk management and governance in order. This includes regularly carrying out stress tests in which various future market scenarios are modeled. The purpose is to determine whether the bank has an adequate financial cushion for the worst conditions. Such tests should be combined with the collection of liquidity and other metrics. All metrics should be transparent and ideally published as information.

According to the latest EY Banking Barometer 2023 it seems that, due to the current very uncertain environment, banks are once again looking to focus more on cost-cutting programs and efficiency enhancements. The latest Swiss Private Banking-Deloitte's study concludes that technology will replace the human element in the future. New opportunities will be created that will allow banks to bundle offerings, reach more customers, use social media and build networks. In addition, technology will allow them to work more efficiently, implement updates faster and more cost-effectively, and use multiple platforms to increase employee expertise. Marc Meignier, Leader Cloud Romandie tells us more about some of the technology trends in banking.

Where and how the data is stored by banks

Oracle supports many financial institutions, including public and private banks in Switzerland and around the world, with a variety of technology solutions that meet their specific needs. These include, among others BPC, German Bank, Volkswagen Financial Services, BBVA, Erste Group Bank, Crédit Agricole, HSBC and Lalux.

As cloud technology enters a more mature phase, we are finding that there are specific and unique cloud technology requirements for each financial institution. Common to all is the desire for a clear and transparent understanding of where data is stored, how it is processed, and by whom. But also how to take advantage of cloud technology, such as speed or scalability, and the ability to drive innovation faster. That's why we've developed a distributed cloud strategy that offers different cloud services depending on workload and customer requirements. Options offers. The commonality of this model is that the same secure base technology is used across our cloud infrastructure portfolio. Options include, for example, public cloud services, multicloud, hybrid cloud services or a dedicated cloud. We let our customers choose whether they want to work in the cloud, in a hybrid model (see below), or on-premise. Many private banks choose the latter, and some banks prefer to keep their data in the locations where they operate rather than running it in the public cloud. This allows them to meet their specific data governance and residency requirements.

For example, Deutsche Bank uses Oracle Exadata Cloud@Customer, to run thousands of financial workload databases in the bank's own data centers. It is already benefiting from significant cost savings and a reduction in energy consumption for running these databases at 50 %. The corporate and investment bank of Crédit Agricole in France and Lalux Insurance in Luxembourg are reaping the benefits of their on-premises cloud deployments in terms of performance, operational costs, flexibility and data sovereignty.

The Swiss-based company BPC (Banking, Payments, Commerce), which provides payment solutions for virtually all digital payments players, decided to move its payments suite to Oracle Cloud Infrastructure (OCI) to meet growing customer demand from multiple regions and save on hardware costs. Ultimately, the company gained a competitive advantage by reducing the time it takes to onboard new customers, enabling it to offer fast and innovative payment solutions.

What about security in banking?

When it comes to data security, no industry is as challenging as the financial services sector. Banks, credit unions and other financial institutions are consistently among the organizations most frequently targeted by cyberattacks. Attackers seek to gain access to information systems and capture sensitive financial data that they can then use for their own financial gain. Attackers use a variety of constantly evolving techniques, such as compromising application or privileged user credentials, exploiting misconfigured database systems, and attacking unencrypted data.

Financial institutions must not only protect their data from attempted attacks, but also comply with ever-changing and growing regulatory requirements, including regional data protection regulations. Despite these immense challenges, most financial institutions are able to protect their sensitive data, satisfy examiners and comply with regulations - all while maintaining successful financial margins. We support organizations in their zero-trust initiatives through our cloud, which is designed to provide customers with integrated security services. Once configured, these services help secure workloads in the cloud quickly and effectively.

Why banks are particularly demanding cloud customers

Each bank has its own requirements, tailored to its customers, existing systems, regulatory requirements, etc. Data sovereignty is one of the most important aspects of financial services, but not the only one. They actively seek IT modernization and increasingly rely on digital technologies to cut costs, innovate on a large scale, and offer new services to customers. In many ways, this is similar to other sectors, so Oracle's broad portfolio of cloud infrastructures, back-office and purpose-built financial services applications meets these needs.

Banks also have special requirements in areas such as financial crime and payment processing. Therefore, we also offer a range of Cloud-based services todeveloped for financial services companies. These include highly scalable demand deposit account processing for enterprises, real-time global ISO20022 payment processing, digital service capabilities, anti-money laundering solutions, and more. These offerings enable banks to modernize their business capabilities faster and with less risk.

From a data governance perspective, banks are indeed regulated, so the issue of data governance is of great importance to them. There are interesting parallels with the healthcare industry. The Geneva hospital HUG for example, is using Oracle Exadata Cloud@Customer to modernize its technology infrastructure and accelerate the migration of its systems to the cloud. The hospital will migrate the majority of its database systems to Oracle Exadata Cloud@Customer, a deployment option of Oracle's Exadata Cloud Service that is delivered as a managed service in the organization's own data centers. As a private cloud platform, Oracle Exadata Cloud@Customer will enable the hospital to consolidate critical systems into a single IT platform while keeping data on the hospital's premises and within its firewall.

Author:
Marc Meignier is Cloud Leader Oracle Suisse Romande. www.oracle.com

As a cloud service provider and Swiss Google Cloud Partner, StackWorks replaces complex IT infrastructures with simple, secure cloud services. The cloud consultants around founder and CEO Ishan Don make companies as well as schools fit for the digital age with the goal of being up to the work and learning of tomorrow today and a step ahead of the competition. The services begin with consulting and support in the development of their Google Cloud infrastructure. They continue with the practical implementation of all necessary measures as part of the migration to the Google Cloud and range from training to support and further development of the IT infrastructure. 

Intensive audit

StackWorks has now introduced a quality management system that defines and documents all management, core and support processes. These serve as a tool to ensure that work is comprehensible and carried out according to high quality standards. To ensure that this works in practice, StackWorks commissioned an independent audit of the system. After intensive checks of the processes, the auditors came to the conclusion that the quality of the services was convincing. StackWorks was well organized and could receive the certificate. "We are extremely happy about this," says Ishan Don, founder and CEO of StackWorks. He explains: "The ISO 9001 certification is an internationally recognized proof of our quality when we support companies and organizations in replacing complex, expensive IT infrastructures with simple, secure as well as cost-effective cloud services. This allows us to send a clear signal at a time when correct processes are becoming increasingly important in terms of IT security and productivity."

Benefits for customers and employees

The certificate shows customers that StackWorks operates efficiently according to uniform standards. Mariana Mark, Head of Internal Operations at the cloud service provider, gives an example: "If an employee is down, business doesn't stop. Substitutions are clearly regulated and every team member knows where to find which information. We can continue to work seamlessly and devote ourselves entirely to our core tasks, which benefits the customers."

This way of working also has a positive effect on employee satisfaction. This is because the reliable flow of information is part of the pleasant working conditions. Onboarding is mastered systematically. This in turn represents an important milestone for the further growth of StackWorks. Last but not least, it motivates every employee to get involved and continue to contribute to the ongoing perfection of the processes. Because one thing is certain: StackWorks also intends to master the independent audit based on random samples in a year's time.

Source and further information

When developing electronic systems, manufacturers are often forced to focus on factors other than electromagnetic compatibility (EMC). For example, components must be economically producible, have high performance and meet the requirements of the application. In addition, EMC is often only tested at a later stage of development or even in the production phase, which can lead to higher costs and delays if rework becomes necessary.

A quality-oriented procedure for design EMC and a test of internal EMC before components and machines are placed on the market are a necessary evil. But they also offer a lot of potential to increase the overall efficiency of a piece of equipment in the long term, especially in the use phase. Software such as ESMA can help here. It enables a software-supported "QM process EMC" that allows manufacturers and users to record and analyze important parameters at various points in the planning and production cycle with the help of an assistance system. In this way, producers of equipment are supported in the design and cost planning phases through risk analysis and the scalable use of constructive measures.

Increasing production efficiency through INTRA EMC type testing

The procedural steps of the construction are interrogated step by step and project-specific measures are to be defined in the process. Based on this preliminary work, risk priority mitigation factors are activated from the database and hierarchically algorithmically evaluated. For each process step, the mitigation factors are stored in a differentiated manner for each of six impact options in the system. The respective impact chain is considered, e.g. device (G) to device, device (G) to line (L) or far field (F) to device. The more than 400 process steps multiplied by six influence paths each and three effect factors each of the probability of occurrence, fault detection and damage consequence according to FMEA result in more than 7,000 factors in the database and this shows the accuracy of the risk priority calculated by multiplying the project-related factors.

Relevant measured values can also be recorded with the LogAmp measurement method for the validation of electromagnetic parameters in the close-up range within operating equipment. The advantage of the measuring device is that it can be used easily and cost-effectively by maintenance personnel without special EMC expertise. A simple comparison of the "marker values" during type testing, maintenance and repair and with target values from the database in ESMA, based on the EN 61000-4-39 standard, with defined immunity categories, is sufficient. This enables a "good/bad" analysis on site. The amplitude curve and equivalent value recorded by a logarithmic module in the device is output as a so-called "marker value" for the energy content of the amplitude density. The measurement is performed in the three relevant frequency ranges for the near range (10 kHz to 150 kHz, 150 kHz to 1 MHz, 1 MHz to 10 MHz).

Avoidance of production interruption with minimum maintenance effort

Since downtime must be avoided at all costs in numerous production areas, deviations from EM parameters should be detected before a fault occurs. EMC tests at a wide interval by external testers can only do this to a limited extent. Instead, a separate maintenance interval should be established that is based on the predefined failure probabilities of the individual EM-relevant systems and components. In this way, maintenance tasks can be synchronized with planned production breaks, for example. Using the measured values of the "INTRA EMC type test" as a target specification for the utilization phase, it is possible for plant operators to carry out regular, close-meshed condition monitoring with the help of a digitized assistance system and mobile measuring devices. Due to the improved, digitized data basis, proactive maintenance can ultimately be ensured without interrupting production due to unexpected malfunctions.

In the course of this, "INTRA-EMV tests" should be carried out regularly with mobile measuring devices. A change in an EM parameter such as magnetic near field, interference current or interference voltage are already an indicator of degradation or fatigue of mechanical or electrical assemblies, e.g. ESD discharge brushes, shaft bearings, PE connections, cable shielding supports or EMC glands. If the deviations are regularly checked and detected in time, failure can be better predicted and at the same time spare parts procurement can be more efficient.

Minimization of life cycle costs in the use phase up to obsolescence

The fault resilience in the utilization phase until obsolescence depends on the degradation of the EM parameters of the design measures and components used for the operating conditions of the equipment, such as ambient temperature, humidity, corrosiveness and power quality. The occurrence of a fault is prospectively not deterministically predictable. The path to uninterrupted production, on the other hand, is the detection of an EM deviation, which can then lead to a proactive maintenance action with the specification of an acceptable schedule. A digital assistance system consisting of the software ESMA with correlated measurement system LogAmp gives the manufacturer and later the user the possibility to introduce a RCM (Reliability centered maintainance management) in-house and to follow a predictable or predictive maintenance concept in the utilization phase. This enables a risk-analytical evaluation of scalable EM detail design measures and a scalable maintenance effort with maintenance cost objectives. Likewise, the assurance of the long-term usability of the plant by reparability after obsolescence of original spare parts by definition of the EM installation conditions in case of replacement by alternative components succeeds.

ESMA LogAmp procedure for maintenance concept Reliability centered EMC maintainance

Due to the EM setpoints already defined inside the equipment during the design phase, the application of the LogAmp measuring method and the accompanying risk assessment by the ESMA software can maintain availability during the utilization phase and avoid production interruptions due to unexpected malfunctions. One way to achieve this already during and immediately after commissioning is the consistent use of a maintenance concept with condition monitoring with short maintenance intervals. By algorithmically evaluating the results of each maintenance, the interval until the next maintenance is adapted. If the digitally stored preliminary analyses of the components are used and supplemented by a close-meshed network of inspection intervals, downtimes can be reduced and maintenance can be better planned. With the help of such a maintenance concept, which is not based on manufacturer specifications but on fault resilience and probable material fatigue, the maintenance effort becomes scalable, which saves costs in the long term.

Due to today's fast innovation cycles or interrupted supply chains, original replacement components with identical EM parameters are not always procurable - and exact fault resilience after replacement is not predictable. If the EM interface parameters of components and assemblies are already stored in the assistance system during design or commissioning, replacements can be organized in good time during production breaks with acceptable time spans until proactive repair calculated algorithmically from maintenance results.

Author:
Josef Schmitz is a partner of J. Schmitz GmbH, an owner-managed competence center for all aspects of EMC. The service portfolio includes, among other things, an accredited measurement laboratory for CE conformity verification as well as competent EMC consulting for manufacturers with regard to the qualification of their products and the support of new developments. Further information: www.jschmitz.de/system-emv/vollversion-esma/

Feinmess Suhl GmbH's portfolio not only includes test equipment for product measurements such as fiducials or micrometers, but also systems for monitoring test equipment - these include, for example, fully automatic dial gauge and precision pointer testers, devices for gauge block, strip gauge or bore plug gauge testing, as well as horizontal and vertical length measuring systems. For more than ten years, the company has offered a calibration service. This came about through the calibration and certification of its own products. "We develop and design our own test equipment monitoring devices, such as probe test stations," says Norbert Heym, laboratory manager at Feinmess Suhl. "And we are the only laboratory in Germany that is DAkkS-accredited for incremental probes up to 100 mm."

Incremental Fine Probe IKF100D

The manually adjustable, incremental 100 mm fine probe is equipped with a PU26 display unit mounted directly on the fine probe with a resolution of 0.1 µm. The display unit visualizes the measurement results of the high-precision length measurement of workpieces, test specimens, measuring pins or gauge blocks. It can also be used as an interface for further processing of the collected data on the PC. The corresponding interface and visualization software FMS-View is included in the scope of delivery.

Abbe's comparator principle for highest measuring accuracy

The incremental fine probe operates on the basis of an optoelectronic measuring system. A prismatic rolling guide with scale is mounted on the base body of the fine probe. The fine probe is adjusted via a handwheel. The system accuracy is less than 0.3 µm. The measuring pin is on the same axis as the measuring system and complies with Abbe's comparator principle. According to the manufacturer, compliance with this principle guarantees the exceptionally high measuring accuracy of all incremental fine probes in the IKF series.

Further information under www.feinmess-suhl.de

The summer travel season is in full swing and many are looking forward to their well-deserved vacation. But while millions are happily planning and embarking on their trip, cybercriminals are forging their tactics for attacking or exploiting unsuspecting travelers. The prospects for loot are tempting, as potential victims are far less likely to be on secured networks while on vacation, for example, making them easier to attack. This makes it all the more important to observe a few basic security aspects in order to protect sensitive data and information as best as possible. Even simple actions such as using a public Wi-Fi in airports, hotels or tourist resorts can lead to devices being hacked. To protect travelers' identities, financial data, sensitive documents and passwords, specialists at IT security services provider Keeper Security advise the following:

#1 Do not show your location on social media.

Posting on social media is the favorite activity of many travelers when they visit a special place. However, posting the exact location (including geotags) during a stay can be very dangerous, because once the location is public, you can be targeted by cybercriminals. Even if it seems unlikely to you as a tourist, criminals who are well acquainted with the area can find you more easily. If you still want to post from your vacation, wait until you've moved to a new location. Better yet, save posting until you are back home.

#2 Avoid public Wi-Fi.

Even though it's difficult to find a reliably secure WLAN when traveling, security should always come first. If possible, you should avoid making a risky connection to a public WLAN network. The reason: once a device is connected to a public WLAN, attackers can perform a so-called MITM (man-in-the-middle) attack, which allows them to access your browser or apps and retrieve stored data. As a general rule of thumb, public WLAN networks should always be avoided.

#3 Consider using a VPN.

With a Virtual Private Network (VPN), you'll be protected while traveling, no matter from where you log on to the Internet. With a VPN you'll not only be able to protect your online identity and access a secure connection wherever you are, but you'll also be able to avoid bandwidth throttling this way.

#4 Upload important documents for backup.

Traveling to new and unfamiliar destinations can be quite chaotic. This increases the risk of important documents - such as passports, visas, medical documents, etc. - being stolen or misplaced. By uploading copies of these important documents to a secure password manager, you'll always have access to this digital backup in case documents are lost or stolen.

#5 Never take credentials in plain text with you when traveling.

When traveling, you always need access data for digital services, for example for online banking, travel agencies, health insurance or communication services. It is rare to know all the access data and passwords by heart, which is why they are written down somewhere on digital or manual notes. Under no circumstances should access data be carried on cell phones, tablets or even handwritten, which can be read and used by anyone who gets hold of the device or note. Store all access data in a secure password manager - ideally one that allows selected access data to be shared, for example within the family.

#6 Share emergency information with a trusted source.

Take security a step further and share important information with trusted people, such as family members or friends, to ensure they have access in case of an emergency. Use an encrypted service like One Time Share to securely share insurance information or identification documents with a trusted person for a limited time. This way, in the event of a medical or other emergency, your trusted person can provide assistance without having to reveal sensitive information via email, text message, or messaging.

IT security also important during the vacation season

Don't let hackers spoil your vacation. If you follow these six tips on your trip, you can be highly confident that you won't have to worry about cybercriminal activity.

Source: Keeper Security

At the end of June or beginning of July, school vacations began in parts of Switzerland and also in Germany, lasting until well into August. During this phase, many IT employees naturally go on vacation, so teams become smaller. Fewer heads have to handle the same amount of work. Never in the year is the risk of overlooking important events greater. Especially as data patterns and ways of working in companies change, because employees access company IT from different unsecured WLANs. Quickly checking emails during the vacations has long become commonplace.

Six tips on how to keep IT security high during the vacations

Hackers know that teams are understaffed during the vacations, experts in certain specialties, applications or defenses also take breaks, and users sometimes access data through unauthorized, insecure devices. Statistics for 2022 show that malware activity remained consistently high during the summer months. Mark Molyneux, EMEA CTO at Cohesity, a data security and management service provider, knows this phase from his time on the client side and offers six pieces of advice on how teams can prepare well and reduce the risk to IT.

1. Full concentration on operating mode: IT teams should determine that, as far as possible, they will switch to an operational mode during the summer break with the main goal of keeping IT running in its as-is state. Migrations and change processes or intensive rollouts should be postponed to other times. This does not mean completely suspending change processes. But they should be risk-weighted and driven by business criticality.
2. Respond to critical patches: Just in the middle of June, VMware launched a Patch for a critical vulnerability published in the vCenter Server. To properly classify such an event, IT teams should divide their systems and applications into so-called tiered resiliency categories. This allows them to clearly align their patching strategy, recoverability and service levels such as DTO, RPO, RTO to their applications and workloads. If the most critical tier is impacted, which is likely the case for a core element like VMware, teams should prioritize testing and rolling out that patch. Other lower-category incidents, on the other hand, can be triaged and parked until teams are complete or the respective platform experts are back from vacation. Incidentally, teams will benefit from this categorization throughout the year, as they can weight tasks according to business priority.
3. Make consequences transparent: This categorization also helps to better prioritize day-to-day tasks that arise. For example, if backup jobs fail on high-priority systems, teams should be sure to retrigger them to meet their recovery service levels and prevent data loss. Ideally, with modern data management systems, this is handled by an AI-driven automated background process that relieves the IT teams of this entirely.
4. Make knowledge gaps transparent: The larger the IT teams, the more members specialize in certain application architectures, systems, or programming languages. Teams should regularly assess their competencies and incorporate the results into staff development plans at least annually. This process is key to narrowing skill gaps or even closing them altogether. Teams should ideally coordinate their absences so that enough generalists can ensure ongoing operations. It remains inevitable that gaps in knowledge will occur during the vacation season because the Python expert is currently at the beach with his family. However, if this is clear within the team, remedial action can be taken for this time and responsibility can be distributed to the rest of the team to reduce the risk to this area.
   This organizational matrix should also record which special tasks the team members take on in everyday life. For example, an IT expert might clear the cache of a critical system by hand once a week to prevent the disks from filling up. If this colleague is on vacation, these tasks could fall by the wayside and the system could enter a critical state. This knowledge should be centrally recorded in order to be well prepared in the event of a crisis. Such process legacies can still be found in many companies.
5. Plan capacities: In summer, the data pattern in companies and, depending on the industry, user behavior changes dramatically. In a bank, credit card services are in demand in the summer, while mortgages are hardly processed. The load and volume of data will change. AI-powered analytics now help predict these trends and allocate sufficient resources.
6. Corporate management should be crisis-proof: Because teams are understaffed, the risk of a successful attack is higher. Boards and general managers should be aware that they will be involved in crisis management in the event of an emergency. Wherever they are in the summer, it will be critical to have all the necessary tools and information at hand to form the crisis team and kick off the process. Otherwise, valuable time will be lost.

"AI can dramatically reduce the enormous burden on IT and security teams during the vacation season by relieving them of many of the important but tedious tasks," said Mark Molyneux. "Providing comprehensive reports and clear and concise next steps gives visibility to operational groups that are usually understaffed for the difficult tasks ahead during the summer. For complex or important tasks, humans additionally intervene. In this way, AI can make a massive contribution to increasing cyber resilience against attacks, which ironically are increasingly being carried out by AI."

Source: Cohesity

The Swiss Cyber Security Days will now take place on February 20 and 21, 2024, at the BERNEXPO site and not on September 20 and 21, 2023, as initially communicated. According to the organizers, due to the change of the previous venue from Fribourg to Bern, the work around the event could only be started with delay. This was only insufficiently conducive to the ambitious goals of the SCSD, they continue.

New date is broadly supported

The decision was made by the SCSD organizing committee in close consultation with BERNEXPO, the strategic partners. "The decision to postpone the SCSD to February 2024 was not an easy one for us" says Doris Fiala, National Councillor of the FDP and President of the Swiss Cyber Security Days. "We want to organize a unique event in this urgent field. Together with our partners, we decided that a postponement would give us the time to meet the high expectations of the SCSD."

In the meantime, work on the Swiss Cyber Security Days 2024 is in full swing. Renowned partners such as Amazon, Cisco, IBM, Digital Realty, ServiceNow and Kasperski as well as national and international top speakers have already been recruited. Also on board are associations such as the Swiss Venture Club SVC, the Swiss Association of Municipalities and Cities, the Competence Center for Information Security Clusis, various cantonal trade and industry associations and others.

First program highlights defined, more to follow

Meanwhile, the first highlights in the program of the two-day Swiss Cyber Security Days could also be defined. Particularly noteworthy are the contributions of Dr. Jean-Marc Rickli from the Geneva Center for Security Policy GCSP and co-chair of the NATO consortium "Partnership for Peace" (PfPC) takes us on a journey into the topic of "Emerging Technologies". Whether brain-computer interfaces, self-learning humanoid robots, or the latest generation of facial recognition applications, emerging technologies have a major impact on global stability.

What does this mean in terms of society, regulatory frameworks and risk management? The 17-year-old Chilean Elisa Torres from "Girls in Quantum" shows the gigantic potential of quantum computing; IBM demonstrates how to use crypto methods today, which are already built quantum-safe, and the think tank "Pour Demain" awards the "AI Security Prize" for the first time. In addition, in cooperation with the Swiss Association of Municipalities, Swiss municipalities and SMEs will be empowered in hands-on workshop workshops to successfully defend themselves against cyber attacks, even with few resources. "Municipalities and SMEs are particularly vulnerable to crime and espionage from the cyber domain" says Christoph Niederberger, Director of the Swiss Association of Municipalities. "Such practical best-practice events are therefore great. It gives participants the opportunity to better protect themselves against the increasingly urgent threats from the digital space." Other exciting program items are being developed and are in some cases well advanced.

Further information: Swiss Cyber Security Days

Deloitte Private's Best Managed Companies Award, conducted in 46 countries, compares companies in a comprehensive assessment with Deloitte's globally recognized benchmark. This has been continuously developed over the 30 years since the program was launched. Participating companies receive an independent and substantive assessment of their governance practices and overall performance; this assessment shows them where their operations currently stand in four key corporate areas compared to a global community of over 1,300 exemplary managed companies.

Multi-stage evaluation procedure

The award is preceded by an intensive, multi-stage coaching and assessment process that all participating companies must undergo. The focus is on assessing performance in the four core areas of strategy, productivity & innovation, culture & commitment, and governance & finance. Companies that perform above average in all four categories have a chance of winning the award.

"From a business perspective, the past twelve months since the last award have not been an easy time: soaring inflation, disrupted supply chains, high energy prices and the shortage of skilled labor present a complex set of business risks. What sets this year's winners apart is their agility and resilience - the ability and willingness to persevere in difficult times, position themselves in a volatile market and respond effectively to change," said Andreas Bodenmann, program officer and head of Deloitte Private. "The six winners are at the forefront of their industries. They have demonstrated creativity and innovation in impressive ways. And they have managed to maintain their core values while moving into the future with a clear focus on growth."

Exemplary corporate governance: the Best Managed Companies 2023

Six privately or family-owned companies were honored as "Best Managed Companies":

• ATP adhesive systems AG specializes in the development and manufacture of adhesive tape solutions. With modern production processes and an internationally established distribution network, ATP has been supplying a large number of industrial customers worldwide, for example in the automotive, electrical and healthcare industries, for over 35 years.
• The ECSA Group, now in its fourth generation of international management, was founded in 1913 and today operates in four main sectors: ECSA Chemicals AG in the international trade of raw materials and chemicals, ECSA Energy SA in the distribution of petroleum products and the operation of service stations, ECSA Maintenance AG in the distribution of specialized industrial supplies, and Suncolor SA in the distribution of paints, varnishes and insulating materials.
• The family-owned chocolate manufacturer Läderach (Switzerland) AG was founded in the 1960s and today operates in 16 countries, including South Korea, the USA and the UK. Many products are still made by hand, underscoring the chocolatier's tradition and making the company a master of its craft. The result is Swiss chocolate made from the finest raw materials.
• Teoxane Laboratories SA specializes in the development of hyaluronic acid solutions and, with over 20 years of experience, is now a pioneer in the science of facial beauty. The company combines innovation, quality and consumer safety to develop high-performance hyaluronic acid dermal fillers and dermocosmetics based on rigorous scientific research.
• Variosystems AG is an electronics service provider offering uniform and complete end-to-end solutions worldwide. From product design to finished electronic assemblies, devices or systems, products are offered with long-term support, including logistics and end-of-life services.
• The Vista Group is one of the leading private centers of excellence for ophthalmology in Switzerland. Founded more than 30 years ago, Vista offers treatments and procedures around the eye at its 31 locations, providing lifelong care. With its own research department and its comprehensive education and training program, Vista has been a recognized training clinic for more than ten years.

The competition does not end after one year: All companies can regularly undergo the same audit, take part in workshops and qualify again. This year, six companies that had previously won the Best Managed Companies Award succeeded in doing so. This illustrious circle includes, for example, the Capri Sun Group, MindMaze, the Wipf Group, Groupe Acrotec SA, the Suhner Group and Precipart.

Commitment to Switzerland as a business location

"The Best Managed Companies Award is an incentive for all companies to shape their future with foresight, a sense of innovation and a good management culture. As drivers of innovation, privately managed companies are important for a diverse and strong Swiss location," emphasizes Andreas Bodenmann. "As an audit and advisory firm, Deloitte Private supports such companies in their challenges in the areas of growth, compliance, reporting and auditing, and tailors the versatile services from the entire Deloitte universe to their specific needs so that these companies can hold their own and successfully position themselves for the future."

On this year's jury, Nadja Lang, CEO of the ZFV-Unternehmungen cooperative, Jens Breu, CEO of SFS Group, Gilles Stuck, Head of Market Switzerland at Julius Baer, Tanja Vainio, Country President of Schneider Electric Switzerland, and Prof. Dr. Thomas Straub, Associate Professor at the University of Geneva for Strategic Management and Corporate Strategy, evaluated the participating companies.

Source: Deloitte

The company Digital Realty operates several data centers worldwide and regularly conducts studies on cloud trends. The third edition has just been published. Arne Benox, Sales & Business Development Manager at Digital Realty Switzerland, talks below about what he has learned from the study about the strategies of Swiss companies, what the next steps in their journey to the clouds might look like - and what he advises companies that may not yet be as far along as their competitors.

Have Swiss companies reached the goal of their multi-cloud plans?

Not for a long time yet. The concept of multi-cloud runs through all the needs and strategies of companies. Over the last few years, we have observed a high level of dynamism. To the degree that the technology of a dedicated cloud is becoming more accessible, the strategies are also changing. The interaction between the clouds is also improving. I see this as a development in line with needs, and I am sure that this will continue. I expect that in the next few years there will be a big trend towards connecting the clouds with each other even more. This stems from facts such as the fact that the number of companies relying on up to ten cloud providers for SaaS has increased significantly over the years: from 15.8 percent in 2018 to 45.3 percent in 2020 and then to 52.7 percent in 2023. 

As the needs of businesses change, the topic will continue to evolve. In the end, just as the study predicts, there will not be a single cloud or an exclusively private cloud. Enterprises will combine different clouds to do their different jobs.

The study relates exclusively to Swiss companies. Digital Realty is a global provider. Do the results in Switzerland match the experience in other countries? If not, what makes Switzerland different? 

There are generally differences in development over time. Some countries, such as Switzerland, are faster than others in global terms, including Germany and Austria, ahead of which Switzerland has a lead of one to two years. This also depends on the level of digitization in the individual countries. How good is the available connectivity? What bandwidths are available via which technologies? The keys to all cloud technologies are available connectivity and security. In countries where conditions are similar to Switzerland, we see similar trends. In regions where this is not the case, where other data protection laws play a role, or where bandwidth is not available, we observe that they are catching up and may even develop a bit faster in the process, as they can skip some steps we had to take.

What do you think are the reasons that on-premises cloud service providers perform so well compared to hyperscalers?
 
I would phrase the question differently, because local providers, integrators or software developers, serve completely different needs, they can respond much better to individual requirements. They can offer tailored solutions or penetrate niche markets that are not interesting for hyperscalers because of lower scalability. Many local providers are developing their own cloud services and we see this being accepted by customers. For example, there are many private banks in Switzerland that differentiate themselves differently to their customers than global banks. This results in special requirements that are very well covered by small providers that are native to the same market as their customers.

Against this background, what about the prospect of future growth of companies, perhaps also across national borders? 

Many companies grow under their own steam up to a certain point, and then continue to grow through mergers and acquisitions. At that point, very different cloud strategies, application landscapes and data sources usually come together. This is where our ServiceFabric solution comes into play. It allows companies to quickly connect disparate data, applications and cloud services across multiple locations, including colocation data centers and even data centers from providers other than Digital Realty, currently over 700. This scenario is typical of the future of the cloud. It's not just about making certain services like Microsoft 365 available for office communications, but the various cloud applications that our Study in detail, to network with each other, to bring together information in order to make smart decisions based on the data.

What conclusion would you like to draw from the study for IT managers in Swiss companies? 

Multi-cloud is a reality and the barriers to entering a colocation data center with solutions for public clouds, private clouds and multi-clouds are getting lower. It no longer takes much courage to get involved, as factors such as data protection laws are being implemented with increasing sophistication. This ensures that data is well protected within the data center. What's more, you don't have to worry about connectivity in our data centers, and we also cover issues such as environmental aspects and certification. In times when it is becoming more and more difficult for companies to meet the increasing requirements for the operation of their IT on their own, the step to an external data center makes economic sense - and as our study shows, an increasing number of Swiss companies are taking this step. 

Source and further information: Interxion