Skip to main content

Cyber security for the digitized and networked world

Cyber security for the digitized and networked world

Are you armed against cyber-attacks?

No company is safe from cybercriminals. Everyone has heard of hacker attacks, but few companies are really prepared.

In our latest Technology Circle (20.09.22), we invited five experts to speak about cyber security. Learn from them how hackers think and what you can do to keep your company safe.

Cyber defense in the current threatened environment

In a 2022 study on data breaches, IBM calculated that a data breach costs a company $4,35 million on average and takes 277 days to identify and contain.

But not just money is at stake. In Germany, a hospital couldn’t admit new patients for 30 days because of a ransomware attack.

How hackers think

Many different intentions can be behind a cyber attack. Most perpetrators want money, some want to hurt a company and others just love the challenge. To take the necessary precautions, cyber security specialists need to get into the mind of a hacker.

The result of such an exercise is the MITRE ATT&CK Entreprise Framework.

Hackers start with reconnaissance to gather intel on vulnerabilities. Then they develop resources like malware to exploit those vulnerabilities and gain initial access to one part of the system. Within weeks to months, they run through several more steps until they create the desired impact.

Cyber security is a key topic for many companies. A cyber attack has an immense impact, ranging from reputational and financial loss to the imprisonment of the executives who failed to ensure due care.

Dr. Michael HanspachAssociate Partner and Cyber Security Lead at Q-PERIOR AG

Q_PERIOR on cyber security

Q_PERIOR is one of the leading management consulting companies in the German-speaking area and has been building out its cyber security department for the last two years. To get the latest insight about cyber security, visit their website.

Identity is the new security perimeter

The paramount question in the cyber security world is: How can we certify that the right person is trying to connect to an application or IT system?

A recent example illustrates the importance of identification.

In May 2021, a ransomware attack brought a major gas pipeline to a standstill. Hackers got hold of an exposed password and were able to use it without further identity checks to shut down the pipeline. As a result, gas prices started soaring and US president Joe Biden had to declare a state of emergency two days later.

The old paradigm

The old approach assumed that whoever was inside a digital perimeter had proved their right to be there. Once I enter the password or sit in front of the on-site computer, I can access all data and applications.

The new paradigm

As more and more hackers exploited this simple weakness, cyber security had to move towards adopting Zero Trust principles. We always assume that a breach has happened and have a strategy in place to defend our assets, like only giving users access to data and applications they need.

The goal is a Zero Trust and Identity First security approach. We never trust and always verify but with the least friction possible.

That means we give the right people the right level of access to the right resources in the right context that is continuously assessed.

The client advisor of a bank might be able to only view data like transactions and personal client information. The payment operator can transfer money between accounts but not access any personal client information. Both have to work on-site. Access to sensitive information in the context of remote work isn’t possible. And if they were to switch roles, the access would have to be reassessed.

The paramount question in the cyber security world is: How can we certify that the right person is trying to connect to an application or IT system?

Jonathan FussnerChief Corporate Development at Systancia & Chairmen at Neomia

Behavioral authentication

In IT, authentication means verifying the identity of a user or process.

The simplest form of authentication is a password. The next step is two-factor authentication via confirmation email or SMS. Other common authentication methods include authenticator apps, key cards and one-time password tokens.

Systancia is working with Neomia on Pulse, a new approach to authentication. One that is not only safer and more reliable but also less intrusive than even typing a password. It’s powered by AI and uses a combination of behavioral biometrics and context to verify the identity of the user.

In other words, you interact with an application or website as you always do. Pulse collects and analyzes your behavior like click rate, mouse movement pattern and typing speed. It also considers your location, device type and other context information to generate an authenticity score.

Based on this score, you have access or get shut out. In the best-case scenario, you can access all your data without even having to type a password. If the behavioral score is too low, you have to verify your identity through other means.

Integrate Pulse today

If you’re interested in the new way of simpler and safer authentication, ask for a demo or try Pulse for yourself.

Playfully to safer behavior

Video games have long been more than just a pastime for teenagers. Fabula Games uses so-called serious games to playfully teach important subjects in the business world.

Serious games have a defined purpose. They teach you something about the real world, using game principles to make learning more fun and memorable.

And it’s working!

Serious games have an astounding closing quote and learning effectiveness compared to more traditional learning methods like reading and e-learnings.

The weakest link is humans

Everyone in cyber security knows that a company’s most commonly exploited weak point is its employees.

That’s why companies pay millions for cyber security awareness training. The efficacy is often underwhelming, as illustrated by the graph above. It’s also recommended to repeat cyber security awareness training several times a year, which can be repetitive and boring for many employees.

With serious games, cyber security training becomes not only more effective and more fun but can also be expanded with new mini-games and levels whenever necessary.

Video games have long been more than just a pastime for teenagers. Fabula Games uses so-called serious games to playfully teach important subjects in the business world.

Eric FluryPartner at Fabula Games GmbH

The 5 criteria for effective cyber security training.

  1. Activation
    We want the employees to get out of a passive consumer mindset. Training isn’t just sitting in a chair and listening to someone speak. Ideally, we want them to take action, get a reaction and then take action again in the first 60 seconds of the training.
  2. Motivation
    Employees have to be intrinsically motivated. They have to want to move forward with the training and learn more. We achieve this with excitement, fun, competition, curiosity and entertainment.
  3. Investment
    The more employees invest in their own training, the more valuable the training becomes to them. We let them create avatars, enter personal data and make decisions. The training then addresses their choices again and again.
  4. Simulation
    Simulations allow employees to fail without consequences and learn from their mistakes. This links the learned content with their sensory perception and allows for a holistic learning experience.
  5. Immersion
    Ideally, employees are so immersed in their training that they forget it’s training. If we can make cyber security training a great experience rather than a learning session, employees will look forward to it.

Tap into the power of serious gaming.

If you want to try serious games for your company’s training, head over to the Fabula Games website and request a free demo.

The day-to-day operations of a security operations center

Hacking has developed into a big industry on its own. Just like regular tech companies, hackers develop SaaS products (ransomware software, for example), complete with customer support. They even offer bounties for anyone who finds a vulnerability in their software of up to $1 million — more than any regular company ever pays!

It’s a lucrative industry.

Martin walks us through a real case of a man who used ransomware attacks to extort hundreds of thousands of dollars from companies without knowing how to write a single line of code.

Every company can get hacked. Just recently, an 18-year-old kid gained full access to Uber and leaked millions of passwords. He didn’t want any money, just to prove that he could do it.

Martin LutzHead of Security Operations Center at Axians

The scary thing is everyone can do it. Copying the strategy step by step isn’t hard and the chances of getting caught are very slim.

That’s why Martin asked us not to share details of this story. But it became painfully clear for everyone in the room how easily their company could fall victim to a cyber attack.

Before the delicious apéro, we got to see a cyber security center in action. Freddy invited us to turn off our phones, voice recorders and cameras to take a look behind the scenes and learn more about how Axians monitors its clients and what applications are used.

We even got to hear some incredible stories from the analysts who were working at the time, all of which are confidential.

Freddy BürkliHead of BU Cyber Security at Axians

To get the most out of the next event, join!

Your next steps to cyber security in your company

At the apéro, we got a chance to ask Martin a few more questions. If you own a company and haven’t thought about cyber security, here’s how to start.

What are the top 3 cyber security measures every company should implement?

The first measure every company should have in place is backups. Backups of everything. Most people don’t think they’ll be attacked and therefore don’t prepare for it. The second measure is an instant response plan. In an attack, it should be clear who is responsible for doing what and how. The third measure is implementing an endpoint solution that covers the basics and prevents most types of attacks.

Who should outsource their cyber security?

It’s generally very difficult to find talent in cyber security, even more so in Switzerland. If you find someone for hire, they’ll be extremely expensive. That’s why outsourcing is mostly a cost-based decision.

What can company owners do themselves?

If you want to take matters into your own hands, at least engage a cyber security consulting company to conduct a review. Based on that review and the action plan that comes with it, you can determine what you’re able to implement on your own.

Let us introduce ourselves.

The Industrial Transformation initiative: Realize digital transformation in your company.

The production industry is a significant economic sector in the Basel Area. To help companies succeed, we bring together stakeholders from industry, academia and startups to collectively advance innovation in the field of Industry 4.0.

Our Industrial Transformation team’s activities include:

  • A series of public events for the industry dedicated to technologies important for the innovative development of our tri-national region.
  • Promote cooperation between entrepreneurs and academia.
  • Technology circles Industry 4.0 Events and workshops on Industrial transformationIoT and advanced technologies for digital transformation.
  • An AI4 and SME program for the collective and concrete development of Proofs of Concept with Artificial Intelligence Innovative solutions for the production industry.
  • The i4Challenge accelerator for SMEs, startups and new ideas for Industry 4.0.

Industrial Transformation is a initiative from Basel Area Business & Innovation

Basel Area Business & Innovation is a non-profit investment and innovation promotion agency on a mission to establish the Basel Area as the Swiss business and innovation hub of the future.

The Basel Area is the name of the economic region of Basel-Stadt, Basel-Landschaft and Jura. Companies, institutions and startups that want to explore business opportunities here can profit from our services in three main categories:

  • Invest: We help foreign or outer-cantonal businesses set up and find footing in the Basel Area.
  • Innovate: We mentor and accelerate companies in the Basel Area that focus on life sciences and industry 4.0.
  • Switzerland Innovation Park: We offer four locations with fully equipped labs and office space for collaborative innovation.

Our new Main Campus

Welcome to 50’000 m² of interconnected innovation space. As part of the most dynamic life sciences cluster in Europe with over 700 companies in the Basel Area, this iconic campus will become a meeting point for biotech and healthcare trailblazers. The landmark architecture by Herzog & de Meuron, developed by SENN, actively promotes exchange and offers an attractive and state-of-the-art working environment for startups, scaleups and established companies.

Realize digital transformation in your company

Industry is a significant economic sector in the Basel Area. To help companies succeed, we bring together stakeholders from industry, academia and startups to collectively advance innovation in the field of Industry 4.0.

Our selected activities include:

  • A series of public events dedicated to technologies important for the innovative development of our tri-national region.
  • Events and workshops on Industrial IoT and advanced technologies for digital transformation.
  • An AI and SME program for the collective development of innovative solutions for the industry.
  • The i4Challenge accelerator for SMEs, startups and new ideas for Industry 4.0.

And we’re not alone

We collaborate with partners who share this vision. This event was the 9th iteration of the Technology Circle, an event series focused on industrial transformation, where we invite our partners to speak on their topic of expertise to a live audience.

The international center of excellence for Industry 4.0

uptownBasel

For this event, our partner uptownBasel offered us a spacious conference room next to the Axians security operations center, which we got to tour after the speeches. And after the tour, we enjoyed a rich apéro under the last sun rays on the rooftop terrace.

You may also be interested in

Roche investiert in Basel zusätzliche 1,2 Milliarden Franken

Roche steckt in den nächsten Jahren weitere 1,2 Milliarden Franken in die Erneuerung seines Standorts in Basel. Die Investition fliesst...
Weiterlesen

Nouscom erhält 67,5 Millionen Euro Finanzierung

Die Biotech-Firma Nouscom hat bei einer Serie C-Finanzierung 67,5 Millionen Euro eingenommen. Das Unternehmen aus Basel will damit die klinische...
Weiterlesen

Wie offene Innovation die digitale Gesundheitsversorgung vorantreibt

Wie die zunehmende Verbreitung digitaler Lösungen das Engagement der Patienten fördert, den Zugang zur Versorgung verbessert und die Kosten der...
Weiterlesen

Wie Sie mit Ihrem Medizinprodukt auf den US-Markt kommen

In einer unserer vergangenen Venture Mentoring-Veranstaltungen von Basel Are Business & Innovation haben wir Nila-Pia Rähle eingeladen, über den Marktzugang...
Weiterlesen

Paradigmenwechsel in der Schmerzbehandlung

Schmerz ist eine überlebenswichtige Empfindung, aber er kann auch zu Depressionen und langfristigem Leiden führen, wenn er nicht richtig behandelt...
Weiterlesen

BOOM Summit in Basel soll Health-Technologien vorantreiben

Der BOOM Summit in der Messe Basel im April 2024 wird eine völlig neue Art von Gesundheitskonferenz sein. Die erste...
Weiterlesen