Challenges in sensitization and project management

According to the federal government's expert report on cyber risks in Switzerland, the spectrum of attacks is wide: destruction of websites, criminal activities such as phishing or blackmail by means of denial-of-service attacks, through to very targeted spy attacks and sabotage of infrastructures and companies. Many companies therefore invest thousands of francs and hours of working time in security solutions to protect themselves against these attacks.

The human factor as a decisive component
But even with the best IT programs for cyber security, an organization is not fully protected against external attacks. The human factor remains the decisive component in whether a company's IT remains protected or criminals gain entry. Di-verse studies show that more than 80 percent of the time it is human error that allows criminals into the corporate network, bypassing security mechanisms. The decisive factor is therefore whether employees in their companies are trained in cyberattacks and their consequences. Numerous companies have already recognized that there is enormous potential in this area. The global education market in the area of cyber security is growing by 20 percent annually.

Trained employees minimize safety risks
The Neuchâtel start-up Megaverse has also specialised in this direction and entered the EdTech market. The company has developed software that allows employees to learn how to deal with cyber security in a fun way. With the help of Artificial Intelligence (AI), Megaverse goes one step further than conventional platforms. Through playful tasks, the program automatically adapts to the level of the user and shows the current state of knowledge in an overview and a report. The first to implement Megaverse's software in their companies include Helvetia, a leading private bank, and a leading watchmaking group in Geneva. "This first phase is particularly attractive to customers because they can actively participate in the design and implementation of the learning platform," says CEO Cécile Maye. The learning platform is accessible 24/7 and available as a desktop solution that uses 3D scenarios in real time (virtual, augmented and mixed). The immersive learning experience provides users with a total of over 80 realistic tasks at different levels. These include the areas of the Internet, hardware and the handling of passwords. In this way, employees are made aware of the effects a cyberattack can have on them and the company. The adaptive learning platform can be adapted to company-specific requirements in order to create scenarios that are as realistic as possible. Megaverse is part of the EdTech Collider at EPFL in Lausanne. EdTech Collider is the first collaborative platform in Switzerland aimed at companies that want to transform education through technology. Currently, the platform has over 75 members.

Project management as a decisive building block
in the cyber security environment Cyber security also plays an important role in the public authority environment. At the beginning of this year, the Federal Council gave the go-ahead for a new competence centre to be created in the area of cyber security. The competence centre is to become a national point of contact for questions relating to cyber risks. However, the Confederation must not only be in the know, but also protected against cyber attacks itself. One company that manages security projects in the federal environment is the ICT consulting firm Ironforge Consulting AG. It is not uncommon for the federal government to request external support, says Managing Director Gianni Lepore. ICT security applications are complex and multi-layered. In addition, there are the requirements of the various administrative units, which have special processes that must be coordinated with each other. If this coordination does not take place, IT security can be compromised. According to Head of Sales, René Känzig, Iron- forge AG, the security requirements for projects with the federal government are demanding. For example, all project employees are subjected to a personal security check and then work partly in protected, tap-proof rooms. "The service recipients of the federal administration want to be sure that sufficient ICT protection is available," says Känzig.

A considered approach brings good results
Often a clearly defined project brief is drawn up with the partner and the focus is on a problem to be solved, says Gianni Lepore. The needs must first be worked out before the actual project can begin. In ICT projects in the federal environment, clear change management is also of great importance. This avoids implementing something that does not comply with the applicable security requirements. Gianni Lepore adds: "It is of central importance to correctly assess the circumstances in the various departments in order to find the best solutions that will also function efficiently in operation.

It can therefore be seen that specialist companies should be used for both project planning and the subsequent sensitisation of employees. Cyber security is a de- scribed topic, but a well-considered approach brings correspondingly good results.

It is therefore obvious that, on the one hand, good and comprehensive project management is of decisive importance during project planning, but also during the subsequent sensitisation of employees. All affected areas, departments, employees and company guidelines must be included. After all, cyber security is a delicate topic that requires a precise approach.