Défis au niveau sensibilisation et gestion de projet

According to the report of the Confederation's experts on cyber-risks in Switzerland, there is a wide range of attacks: destruction of Internet sites, criminal activities such as phishing or extortion by means of Denial of Service attacks, even very serious espionage attacks and the sabotage of infrastructures and companies. Nombre d'entre-elles invests donc des milliers de francs et d'heures de travail dans des solutions de sécurité pour se protéger contre ces attaques.

L'essentiel du facteur humain
However, even with the best IT programmes for cyber security, an organisation is not completely protected against external attacks. The human factor remains the essential element for determining whether a company's IT system continues to be protected or whether criminals have access to it. Various studies show that human error is at the root of the fact that more than 80 per cent of all criminals are able to access the company's IT system without breaking the security mechanisms. The decisive factor is therefore knowing whether the employees are trained by their company to deal with cyber attacks and their consequences. Many companies have already acknowledged the existence of enormous potential in this area. The global market for cyber security education is growing at an annual rate of 20 %.

Des employés formés pour minimiser les risques de sécurité
Megaverse, a start-up from Neuchâtel, is also a specialist in this field and has entered the EdTech market. The company has developed a software that allows employees to learn how to use cybersecurity in a fun way. Avec l'aide de l'intelligence artificielle (IA), Megaverse va plus loin que les plateformes conventionnelles. Grâce à des tâches ludiques, le program s'adaptte automatiquement au niveau de l'utilisateur et affiche l'état actuel des connaissances dans un aperçu et un rapport. Helvetia, a first private bank and a first group of horlogers in Geneva, were the first to implement the Megaverse logic in their companies. "This first phase is particularly attractive for clients, because they can actively participate in the design and implementation of the educational platform," explains Cécile Maye, CEO. La plateforme éducative est ac-cessible 24 heures sur 24 et est disponible comme une solution de desktop utilisant des scénarios 3D en temps réel (virtuelle, augmen-tée et mixte). L'expérience éducative immersive offre aux utilisateurs plus de 80 tâches réalistes à différents niveaux, notamment dans les domaines d'internet, du hardware et de la gestion des mots de passe. The employees are thus made aware of the impact that a cyber-attack can have on them and on the company. The adaptive educational platform can adapt to the specific needs of the company in order to create scenarios that are as realistic as possible. Megaverse is part of the EdTech Collider at EPFL in Lausanne. EdTech Collider is the first collaborative platform in Switzerland dedicated to companies that want to change education through technology. The platform now has more than 75 members.

La gestion de projet en tant qu'élément clé de l'environnement de cyber-sécurité
Cyber security also plays an important role in the federal environment. The Federal Council gave its green light to the creation of a new centre of expertise in the field of cyber security at the beginning of the year. The centre of expertise is called upon to become a national point of contact for questions relating to cyber-risks. However, the Federal Government must not only be aware of cyber-risks, it must also be pro-active itself against cyber-attacks. The ICT consulting company Ironforge Consulting AG is a company that develops security projects in the federal context. It is not uncommon for the federal government to require external assistance, explains general manager Gianni Lepore. ICT security applications are complex and multidimensional. There are also the demands of the various administrative units with specific processes that must be adapted from one to the other. If this coordination does not take place, IT security may be compromised. According to René Känzig, Director of Sales at Ironforge AG, the security requirements for projects with the Confederation are very high. Every project collaborator is subject to a personnel security check and then works in protected premises and at a safe distance. "The Federal Administration's service providers want to ensure that there is sufficient protection in the ICT sector," explains Mr Känzig.

Une bonne gestion globale est important
A clearly defined project mission is often worked out with the partner and the focus is placed on a problem to be solved, explains Gianni Lepore. The needs must be determined before the project can be launched. A well-defined management of change is also of great importance for ICT projects in the federal context. In this way, we avoid implementing anything that does not comply with the security requirements in force. Gianni Lepore adds : "It is primordial to correctly evaluate the conditions in the different departments in order to find the best solutions to ensure that they are subsequently perfectly exploitable. »

This shows that it is not only the planning of projects, but also the sensitisation of employees to the results that require the intervention of specialist companies. Cyber-security is a sensitive subject, but a moderately refl ective approach yields positive results.

It is therefore clear that good global management of the project is of crucial importance, whether for the planning of the project or for raising the awareness of employees in the future. All the domains concerned - departments, employees and company directives - must be included, because cyber security is a delicate issue that requires a precise approach.