CASE STUDIES

Raiffeisen, the human variable in security risk management

Overview

Raiffeisen is the banking association representing all the Rural Banks in South Tyrol, which were established to support local farms. With 39 banks located throughout the territory, the Raiffeisen Association is the leading financial institution in South Tyrol. Through its activities, the Raiffeisen Federation promotes the efficiency and development of its member cooperatives.

The challenge

The financial sector has always been extremely attractive to cyber threats.
As a result, security strategy, budget management and personnel selection are also driven, above all, by the need to accompany the company’s business through activities aimed at minimizing risk levels, including that represented by the human factor.

The solution

The Cyber Guru platform, with its three training programs, was Raiffeisen’s choice to stay up-to-date on cyber risks and ensure staff training.
The goal of improving risk awareness and reasoning about everyday choices with increased user sensitivity was brilliantly achieved.

From physical theft to digital attack, Raiffeisen Banking Association invests in cybersecurity awareness through the use of services offered by Cyber Guru

“The financial sector has always been extremely attractive to cyber threats”-explains Massimiliano Ricci, chief information security officer at Raiffeisen Information Service.
«In passato si portavano avanti attacchi fisici come furti o rapine. Oggi, queste metodologie sono state in gran parte abbandonate e rimpiazzate da attacchi perpetrati in modalità digitale. Il perimetro delle aziende coinvolte è aumentato esponenzialmente proprio perché le distanze fisiche non esistono più. Oltre che di minacce informatiche, si ragiona quindi sul livello di rischio cui l’azienda è esposta. La quantità di attacchi è direttamente proporzionale all’evoluzione e alla diffusione della tecnologia.».

But what are the cyber security challenges?

According to Eng. Ricci, they are mainly of three types: technological, organizational and human. “From a technological perspective, a cybersecurity strategy must take into account business objectives, risk assessment and market trends. To stay up-to-date, we have adopted a new technology platform to ensure staff training.”

“At the organizational level, one must constantly adapt to change, as evidenced by the DORA regulation, which pushes companies to go to extremes with the concept of resilience,” – Ricci continues.
“On the human level, cross-training is crucial. The Cyber Guru platform makes it possible to raise awareness among all personnel, keeping in mind that the weakest link in the chain is always man.”

Involvement as a key

The Cyber Guru branded training project, launched in early 2023, has a three-year duration to ensure a lasting and consistent path throughout the organization.
“The aim is to create widespread awareness among all colleagues about the risks associated with, for example, the use of devices, both in the work context and in private life. Understanding how closely these two worlds are now integrated is key to defining the levers for the success of the initiative.”-explains Ricci.

“But that’s not all. Initial staff resistance, due to a certain mistrust of the topic of cybersecurity, which has historically been considered “disliked and boring,” was overcome thanks to the concreteness of the project and the gamification concept on which the program is based. The possibility of excelling in a virtual ranking at the Raiffeisen Association level undoubtedly accelerated course enrollment. Thus, the goal of improving risk awareness and reasoning about everyday choices with a safer view on the part of the users has been brilliantly achieved,” – Ricci concludes.
The Cyber Guru platform thus proves to be an excellent and trustworthy traveling companion for the journey that the Raiffeisen Association has undertaken on the topic of raising awareness and training of staff on cyber security issues.

To read the full interview and learn more, click here