Security
19.09.2022

“Human beings are and remain the number one target of attacks”.

Employees are the most important link in the security chain in the fight against cybercrime, says Marcus Beyer from Swisscom. He presents the contents of his talk at the Internet Security Days (ISD) presentation in a short interview. The eco Association invites you to attend this IT security conference on 29-30 September 2022 at Phantasialand Brühl, Germany. 

 

Mr Beyer, why is employee awareness-raising not running optimally in many companies?
On the one hand, in many cases, many employers are not really in touch with the issues that affect their employees. What keeps them motivated? What are the needs of the workforce? What are the risks that affect them? The focus on the human factor is often limited to the implementation of regulatory requirements or compliance with standards without knowing whether the staff is ready to implement them. Secondly, staff awareness-raising often lacks priority and resources. As a result, many staff awareness-raising measures are bland, boring and uninteresting. You won’t attract anyone to the screen for that. 

What special requirements apply to critical infrastructure companies?
There is no doubt that a thorough understanding of the human factor is necessary here. The human beings are and remain the number one target of attack. In order to be able to react and act safely, however, you also need educated and trained employees at all levels, the right attitude and a healthy error culture. If something happens, you have to be able to react quickly and promptly. 

What advice do you have for communication and training measures?
Communication needs a story. Storytelling is also important for security issues. Employees only feel addressed and involved if the communication is geared towards them, involves them emotionally and is designed in an exciting way. Nothing is more boring than yesterday’s clickable eLearning module. In addition, you have to see yourself as a system designer. It is about a healthy interplay between applicable rules, usable technology and the involvement of employees. 

Mr Weiss, thank you very much for the interview. 

As part of the Internet Security Days (ISD) 2022, Marcus Beyer will present new ways of raising employee awareness and insights at Swisscom (Switzerland) Ltd on 30 September under the motto “Security Awareness Must Rock”. 

 

Marcus Beyer

You might also be interested in

NIS in Space with eco and DLR: Critical Infrastructures in Space and on Earth 2
KRITIS

NIS in Space with eco and DLR: Critical Infrastructures in Space and on Earth

Satellites are naturally considered part of the critical infrastructure – however only a small part of their ground stations are regulated as “Critical infrastructures” (KRITIS) under the law. The eco meets DLR event in April shed light on the future legal implications of NIS2 and the KRITIS Umbrella Act and provided concrete examples of how to best prepare for attacks.
25.04.2024
5 Questions for Michael Sicklinger, Arista Networks
eco

5 Questions for Michael Sicklinger, Arista Networks

In an eco-member interview, Michael Sicklinger from Arista Networks GmbH talks about how automation can reduce cost pressures in companies while still meeting high security requirements.
22.04.2024
5 Questions for Maurice Striek, NVISO GmbH
eco

5 Questions for Maurice Striek, NVISO GmbH

How can security risks be monitored and managed more efficiently in order to meet stricter regulatory requirements such as the NIS2 Directive and the KRITIS DachG? Maurice Striek from NVISO GmbH talks about this in an eco member interview.
15.04.2024