Turning the “human factor” from a security risk to a strength
Mr. Hostettler, Mr. Haller, why is the topic of “cybersecurity” such a burning one today?
Marcel Hostettler: That has to do with the fact that every person who is in cyberspace is a potential victim of various threats. Linkyard's customers included municipalities as well as corporations and SMEs — and they are all at risk in their own individual ways. SMEs are particularly targeted by cyber criminals because they have certain gaps in terms of security.
Stefan Haller: The topic is also so present because the threat situation has changed significantly: The attackers are acting noticeably more professionally than they were just a few years ago. While hacker attacks used to involve the acts of individuals, which were mostly ideologically driven, cybercrime has now become big business — including division of labor, professional tools, and specializations. This significantly increases the risk and increases the number of committed and successful attacks. This is critical because cybercrime is becoming a lucrative business model that makes a lot of money. Ransomware attacks, for example, are comparatively easy to monetize and thanks to Bitcoin and Co., the (ransom) cash flows are also anonymous.
Nevertheless, SMEs in particular still often believe that they are not attractive enough for cyber attacks. How do you rate that?
Marcel Hostettler: Unfortunately, that is a big fallacy. Many SMEs have now migrated to the cloud and rely on the operators of these infrastructures to cover security issues. This is not enough, as technical security alone unfortunately does not protect against attacks. Humans are still the primary target of cyber criminals and therefore remain the key to successful attacks. And that is exactly where we want and must use the lever. In this context, we speak of the “human firewall.”
What is a human firewall?
Marcel Hostettler: We are firmly convinced that safety must come before people — after all, they are also considered the number one source of danger. In order to form a stable and secure human firewall against cyber attacks, awareness of secure online behavior must be increased and anchored in the corporate culture. But practice shows time and again that attention to the topic is extremely short. This is not surprising in itself, because cybersecurity is still a side scene for companies, not the core task. That is why safety training in companies usually only leads to a briefly rising sensitivity curve, which then quickly flattens out again in everyday stress. With our subscription approach, we try to keep awareness at a constant level. And this consistency forms the foundation of the human firewall, so to speak.
Stefan Haller: A reliable safety culture is also so important because the maturity of technology has increased enormously. Unlike in the past, it is almost hopeless today to want to attack a well-maintained Windows system. Without exception, such applications are hosted by companies that know exactly what they are doing. Attackers don't like to race against well-protected infrastructure, but rather stroll through the open back entrance. That is why end users are increasingly being used as a security vulnerability. Cybercrime is therefore increasingly shifting towards fraud attempts, with artificial intelligence in particular becoming a key technology. Entire companies are already being simulated and new employees receive, for example, an email from the alleged new boss asking them to provide passwords, etc. The AI automatically extracts the necessary information for these scams from LinkedIn and other platforms and websites and formulates individualized emails in the recipient's language. The human firewall is an antidote to the effectiveness of this approach.
But how do you prevent interest in safety issues from flattening out immediately after a workshop?
Marcel Hostettler: We focus on continuously addressing the topic. In doing so, we make sure not to bore people and use tools such as gamification to keep interest acute. Our subscription model, which has already been mentioned, is central in this context. This consists of three important components. The first consists of setting up a risk management system. Especially in SMEs, these important management tools for the IT sector are often incomplete. We support this by helping to integrate IT-related risk management into the overall operational strategy. As a second component, we focus on creating awareness to maximize protection against ransomware, social engineering, etc. In doing so, we also identify and close security gaps such as insufficient passwords, consider the necessary security measures for remote work and conduct an initial workshop for risk management. We then present the campaign roadmap, which includes security awareness courses, simulated attacks, and various training courses. These measures and events take place throughout the year, in appropriate doses. Depending on the company's graduation, the timetable is more intensive or includes special topics that particularly affect the respective company.
And what is the third subscription aspect?
Stefan Haller: We carry out continuous monitoring to prevent and ward off potential attacks, because there are many indications of an imminent attack. For example, a sign of an attack can be that URLs are being reserved that sound similar to those of your own company. This suggests that people will be misled with false links in the future.
Marcel Hostettler: Our customers benefit from the fact that we at linkyard are very diverse and have comprehensive expertise. Because we want to create a real understanding of security — and we can do that because we speak the language of administrations and industry. Part of this mindset is also lived agility: We offer the creation of practical risk management for IT, even separately from a subscription, if this better meets the needs of a company. This customer-focused approach sets us apart. The initial assessment of the situation can still form the basis for further cooperation later on.
Click here for the original interview by “Business Pointers” from 28.09.2024.