The joint white paper "Seizing the Potentials of Ecosystems" by researchers from EBS Universität für Wirtschaft und Recht, FIR at RWTH Aachen University, and the University of St. Gallen presents the core characteristics of business ecosystems based on the latest research findings and best practices. The team derives recommendations for sustainable competitive advantages.

Ecosystems as forms of value creation

Ecosystems represent new forms of value creation across company and industry boundaries. They are emerging in all industries and form the basis for the most valuable companies. Between 2015 and 2021, for example, 23% of all startups rated as "Unicorn" (i.e., valued at more than 1 billion $) had their business model significantly aligned with ecosystem value creation. At the same time, 22 of the S&P (Standard & Poor's.) Top 100 companies operated significantly in ecosystems, representing 40% of the S&P Top 100 market capitalization.^*)

White paper explains nine core properties

Successful companies are proving that both customers and companies benefit from ecosystems. The enormous potential for value creation is arousing massive interest in this new form of business, but there is often a lack of common understanding of what ecosystems actually are and can achieve. An interdisciplinary team of researchers has therefore characterized the nature of ecosystems on the basis of three levels and a total of nine core properties: Ecosystem Core

1. Shared purpose and vision
2. Co-creation between stakeholders involved
3. Modular, complementary solutions

Ecosystem Relationships

4. Multilateral relations
5. Autonomous actors
6. Information-based value creation

Ecosystem environment

7. Shared values
8. Common technological infrastructure
9. Network effects

Based on this classification, the research team provides concrete recommendations in the white paper for achieving sustainable competitive advantages in the technological, social and economic environment in ecosystems. Best practices from experienced managers from established industrial companies and digital startups illustrate how the core characteristics of ecosystems are put into practice. The whitepaper is available at seizing-ecosystems.fir.com/white-paper/ available for download free of charge.

This article originally appeared on m-q.ch - https://www.m-q.ch/de/whitepaper-seizing-the-potentials-of-business-ecosystems/

As a partner for input, output, outsourcing and 3D solutions, Faigle has stood for quality, service and innovation for more than 85 years. Over the years, a variety of offers has emerged that has made orientation difficult, both internally and externally. In order to solve this challenge, the brand experts at Jung von Matt Brand Identity first sharpened the positioning together with Faigle: Faigle is a visionary partner who leads companies into the future with tailor-made solutions and the best service. A power brand for the digital world. For this power, the range of services was bundled, the brand architecture was rethought and the number of brands was reduced. To give the brand even more impact, the brand design was also modernized and made more digital.

Complex and alive

The heart of the new appearance is the word mark and the key visual. The new wordmark communicates the accessibility and dynamism of the company with lowercase italic letters. The complexity of the range of services is illustrated by the key visual, which is based on the data flows of a code matrix and is constantly in motion. Together with a vibrant color palette, it becomes a lively design element with a high recognition value. The brand design expresses the brand at all digital and analogue touchpoints and is intended to make the sharpened positioning tangible. In addition to the look & feel for the web and social media, design concepts for corporate fashion, vehicle lettering and stationery have also been created and are currently being implemented.

---

Responsible at Faigle: Tanja Arnold (Head of Marketing). Responsible at Jung von Matt Brand Identity: Diana Geissel (strategy and project management) Piera Wolf, Loraine Olalia, Christina Widmann (design).

After 20 years of Swisscom, Sunrise is the new main sponsor for the Swiss ski association Swiss Ski (Werbewoche.ch reported). There is accordingly a lot of expectation and pressure around the new national ski racing dress.

The new design is intended not only to convey speed visually, but also to physically extract the necessary hundredths of a second for Swiss ski athletes.

How does a design make a ski suit faster? In addition to the supplier Descente, a number of experts from design and technology were involved in the joint investigation of this question.

In addition to Swiss ski athletes, ski legend Karl Frehsner was also involved. From the first design to laser-precise fittings and wind tunnel tests, the development process took more than a year - all top-secret.

Documentary reveals creation process

Paving the way from a top-secret process to a documentary series were Toby Stüssi of MySports and Flavio Gerber of Filmgerberei. "There were an incredible number of people and interests involved in the development. We first had to gain the trust of the biggest key players. That paid off: As observers in the most trusted circle, we were able to bring together an overall picture that was not apparent even to the individual involved," says Gerber.

The trust gained allowed director Alun Meyerhans and his crew to closely follow the protagonists up and down the slopes, thus contributing for the first time the due background story to the unveiling of the new ski dress.

---

Responsible for Film Tannery: Alun Meyerhans (director), Susanne Bucher (producer), Flavio Gerber (executive producer), Andi Widmer (DOP), Lea Filadoro (edit); Jürgen Kupka (color grading), Jingle Jungle (sound design, mixing). Responsible at Mysports: Toby Stüssi (Executive Producer).

Working from a home office has become a part of everyday life at many companies. Since the term "home office" is used quite inflationarily, however, a clear distinction must be made here, because only very few employees actually have a classic home office: namely, a workstation in their own four walls or at an external location that is not only equipped with the necessary software and hardware by the employer, but also has access restrictions that comply with data protection regulations (e.g., lockable room, sole and exclusive use of components from the employer, etc.). What many workers resorted to in the crisis years of 2020 and 2021 is more like mobile working, which brings many new challenges. It became particularly dangerous when solutions were introduced quickly and not with due diligence, just to keep the business running, even if at the expense of security and data protection. Closing these security gaps will continue to occupy many companies in 2022.

Secure connection of home workstations

The impact that the transition to modern home working has had on operational processes in German companies depends crucially on the business model, the individual requirement profiles of employees and, not least, the company's IT infrastructure. For example, what demands are placed on communication and data exchange? While simple document sharing is sufficient for one person, for example, another employee needs a remote workstation to work on a complex 3D model. Many companies have also had to send more workers to work from home than operational resources were available. "Against this background, we have recorded a significant increase in requests to date, in some cases to enable several hundred workstations to work remotely and to close the existing security gaps. The principle: The user accesses a virtual desktop environment (VDI: Virtual Desktop Infrastructure) of the company with his private work device via a hardware-authenticated terminal session. The private operating system environment and the company application interface are physically completely separate system worlds at all times. No company data can be stored on the private end device, as there is no data access between the private and company environments. This is a simple and effective solution for connecting a large number of home workstations and also ensuring a sufficiently high level of protection for all clients from an economic perspective," says Holger Priebe, Team Leader Microsoft and Virtualization at Netlink. "Accordingly, it is no surprise that VDI, VMware Horizon and collaboration applications such as Office 365 with Teams and Sharepoint currently represent the largest growth areas for us as an IT system house, which are also currently taking up our largest personnel resources," he adds.

Physical capacity bottlenecks

The conceptual question of connecting to the corporate network is followed by questions about the physical capacities of the existing network: Do I have a sufficient firewall and enough bandwidth to connect all my mobile employees remotely via VPN at the same time? Do the employees need to work remotely on Microsoft machines at all, or is it sufficient to let them work via a classic client, e.g., by accessing the Office 365 cloud locally, so that the bandwidth of the company's own network is not burdened? It should be noted that it is not enough to establish access once. Load tests must also take place due to dynamic adjustments to the IT infrastructure in order to ensure smooth and reliable live operation without interrupting workflows. But the employee also needs sufficient bandwidth in the home network to work remotely with the usual IT quality. Is the employee online with only one client, so that it is sufficient to set up a VPN tunnel, or does he perhaps even need to be connected via a remote access point? The private WLAN may also already be busy due to other users or may not meet the company's security requirements. Here, an LTE card and an LTE modem from the employer can improve the performance and security of the connection at low cost.

Securing access

Securing access is always a neuralgic point here. "WLAN access should be provided with a strong password that is changed at regular intervals. Ideally, a guest WLAN access is used for home work, so that any company data is not transferred via the same network that other users in the house also use. Depending on the role and authorization, the question also arises as to whether logging into the network using only a user name and password offers sufficient protection or whether access security should be increased with two-factor authentication, e.g., with tokens or one-time passwords, via smart card or with the help of biometric features," explains Niklas Lay, Team Leader Network and IT Security at Netzlink. "If you need additional protection for individual work devices, you can also activate the encryption of the hard drive - after all, Windows 10 already provides a so-called bitlocker in the operating system to prevent unauthorized data access, for example in the event of loss or theft."

BYOD - Raising awareness of risks

A latent danger for companies is to tolerate the use of private end devices without existing guidelines, for example, in order to maintain a supposedly high level of employee productivity. Even after two years in crisis mode, private end devices pose a serious risk to corporate data security because they are largely beyond corporate control. "Many employees here also lack the security awareness that smartphones are mobile and quite powerful little computers with sometimes significant data stores that need to be secured via firewalls and up-to-date virus protection just like their desktop counterparts. In the event of a sudden change in the work situation, many users are not in a position to assess the dangers and risks for themselves and the company. In this respect, it is in the interest of companies to raise the security awareness of employees for the use of private smartphones at work with appropriate guidelines in order to protect the company from external attacks on IT," warns Lay.

Tools for the next crisis: Emergency plan in your pocket

With the increasing use of mobile working, ICT operations are becoming even more important for all companies. The applications and data simply cannot be allowed to fail anymore. The best preparation for successful business continuity management is an emergency manual. This is used to maintain and continue critical processes when certain events disrupt or prevent operations. The complex (IT) structures of our global collaboration networks make us highly dependent on continuous business operations between all process participants - internal and external. This is becoming even more important as digitization progresses. Sustainable risk management must be part of every organization to limit the negative impact of disruptions on business operations. Unfortunately, a damaging event often has to occur before action is actually taken. Responding appropriately to disruptions requires a pre-planned and rigorously methodical approach that takes into account all critical processes, establishes responsibilities and defines communication processes in order to return to productive ICT operations in the shortest possible time. To give companies a quick overview of the (equipment) technical basics and the personal requirements that make companies and employees fit for mobile working, the Netzlink interested readers an e-booklet to download free of charge an. 

This article originally appeared on m-q.ch - https://www.m-q.ch/de/vielerorts-noch-kritische-sicherheitsniveaus-mobiler-arbeitsplaetze/

Things have been quieter around Swatch in recent years, but since the launch of several Moonswatch models at the end of March, the brand has been the talk of the town again. The long lines in front of Swatch stores are testimony to this and have not gotten any shorter in the last three months. "The daily growing demand in the markets currently far exceeds the available products," Swatch announced on Thursday at the same time as its half-year results. The Moonswatch was therefore already sold out again shortly after the last delivery. The respective colors of the watch stand for different planets and other celestial bodies such as the sun, moon and Pluto.

Clever marketing strategy

The fact that the hype surrounding the Moonswatch is so great has to do with a clever marketing strategy. The Moonswatch, which was the result of a collaboration between the two Swatch and Omega brands belonging to the group, is on sale in just 110 Swatch Group stores for 250 francs a piece. "If you want to buy one, you have to come to us," Group CEO Nick Hayek had recently told the Handelszeitung said. By allowing customers to buy the watch only in select stores, Swatch says availability is even more exclusive than with the group's own luxury brands Breguet, Blancpain or Glashütte Original. And although the eleven different-colored watches have been heavily touted on social media, Swatch does not plan to sell the Moonswatch online in the future. However, sales are to be expanded by 25 stores in July and August. Since the beginning of last week, eleven colored Fiat 500s have also been on a road trip across Europe, selling the watches along the way. Here, too, however, Swatch is deliberately creating suspense: exactly where the journey will take them remains a secret.

Growth despite China lockdown

Swatch is also keeping to itself how much the Moonswatch contributed to Group sales in the first half of the year. This rose by a total of 7.4 percent to 3.61 billion Swiss francs. This was despite the fact that in China, where Swatch normally generates around 40 percent of its sales, demand for watches and jewelry collapsed completely in April and May due to the Corona lockdown. The closures in China cost Swatch a total of 400 million francs in sales, it said. On the other hand, the Europe, Americas and Middle East regions posted double-digit sales growth, while the Ukraine war impacted Group sales by less than one percent. Operating profit EBIT even climbed by a quarter to 503 million Swiss francs in the first six months of the year. The corresponding margin was 13.9 percent, up from 11.9 percent a year earlier. Below the line, profit rose to 320 million Swiss francs, compared with 270 million previously.

Confident for the year as a whole

Despite geopolitical tensions and the slump in demand in the Chinese market, which is important for the watch industry, Swatch is confident for the year as a whole. The "daily increasing demand" for the Moonswatch is likely to contribute to this. The Group continues to expect double-digit sales growth in local currencies for the current year. In the second half, Swatch sees "extremely positive" growth prospects for all price segments. Regionally, the strongest growth is expected in the Americas, Asia and mainland China, it said. (SDA/swi)

In the case of position sensors, the focus is on communication capability with regard to Industry 4.0, and IO-Link as the first IO technology certified worldwide for this purpose (IEC 61131-9) is a central topic. Thanks to it, the intelligence of the sensors can be used to the full extent for the automation network, which means a significant added benefit without additional costs. Novotechnik therefore has a whole range of displacement and angle sensors with IO-Link interface in its program. These include, for example, robust single-turn encoders of the RFC-4800 series. They have already proven themselves in many industrial and mobile applications, are compact, easy to install, and record the angle of rotation over a full 360 degrees with a resolution of up to 14 bits. Other sensors with IO-Link include, for example, the absolute, magnetostrictive TH1 displacement transducer in rod form for direct integration in hydraulic cylinders, and the TP1 (magnetostrictive) and TF1 (inductive) displacement transducers in profile form. The latter is suitable for extremely fast positioning applications thanks to an update rate of 10 kHz. Since all these sensors operate without contact, their mechanical service life is virtually unlimited.

Automation technology and mechanical engineering can benefit equally from the position sensors with IO-Link interface (Fig. 2): During commissioning, the user can easily change parameters such as zero point or traverse direction, thus reducing the number of variants. In addition to pure position information, further information such as status or diagnostic messages and statistical data on operating time or environmental conditions (e.g. temperature) can also be exchanged. Errors in the control loop can be localized quickly because the setting parameters are stored centrally. A sensor can therefore also be replaced in a short time and easily re-parameterized. Installation is practical and the sensors can be easily integrated into Ethernet- or fieldbus-based communication networks. Condition monitoring and predictive maintenance concepts thus become feasible.

More information

This article originally appeared on m-q.ch - https://www.m-q.ch/de/weg-und-winkelmesstechnik-fuer-industrie-4-0/

Babtec is a leading provider of software solutions for quality management. For more than 25 years, companies of all sizes and from all industries have been using products from this manufacturer to ensure the quality of their processes and products. Today, the Wuppertal-based company employs over 180 people at six locations. After several offices in Germany as well as branches in Austria and Spain, the software manufacturer is now founding a subsidiary in Switzerland. The entry in the commercial register was made on June 1, 2022. According to Peter Hönle, Head of Customer & Solutions at Babtec, the new company was founded as a result of the growing success of the quality management software from Wuppertal in Switzerland: "We won our first Swiss customer back in 2001, and now more than 100 companies in Switzerland and Liechtenstein - the future service territory of Babtec Schweiz AG - manage their quality with our software solutions. This demonstrates the high quality standards of Swiss companies and the increasing demand of the local market for effective digitalization in quality work. This is why we have decided to be represented by a Babtec location in Switzerland in the future." At the new location, Babtec says it plans primarily to support existing customer projects and expand its sales activities. Source and further information

This article originally appeared on m-q.ch - https://www.m-q.ch/de/caq-software-hersteller-babtec-gruendet-schweizer-niederlassung/

An analysis of Atlas VPN shows that GDPR fines total €97.29 million in the first half of 2022, an increase of 92 % compared to the first half of 2021. The data for the analysis comes from Enforcementtracker, a platform that provides an overview of fines and penalties imposed by data protection authorities within the EU under the EU General Data Protection Regulation (GDPR, DSGVO). From the overview and Atlas VPN's analysis, it appears that companies and individuals will be charged a total of €50.6 million in GDPR fines in the first half of 2021. On the other hand, the number of court cases decreased slightly, from 215 in 2021 to 205 in 2022. In other words, even though the number of GDPR violations decreased slightly in 2022, the severity of those violations was significantly greater - and so was the amount of GDPR fines. The most striking difference between 2021 and 2022 can be observed in February, where the total amount of fines imposed differs by almost 28 million euros. The following trend is also striking: around 70 % of GDPR fines are imposed in the first quarter.

A few particularly blatant cases

Atlas VPN also points to a couple of significant cases of GDPR fines issued in the first half of 2021 and 2022. For example, in June 2021, the Data Protection Commissioner of Lower Saxony fined notebooksbilliger.de AG €10.4 million. The German company had video-monitored its employees for at least two years without any legal basis. The unauthorized cameras recorded workplaces, sales rooms, warehouses and common areas, among other things. The company countered that the surveillance served to prevent and solve crimes and to track goods in warehouses. However, video surveillance is only lawful if there is reasonable suspicion against certain persons. If this is the case, it is permitted to monitor them with cameras for a certain period of time. In this case, however, the surveillance was not limited to specific employees or a specific period of time. In turn, in May 2022, the Information Commissioner's Office (ICO) fined Clearview AI Inc. £7,552,800 for using images of people in the UK and elsewhere collected from the internet and social media to build a global online database that could be used for facial recognition. Clearview AI Inc. has collected more than 20 billion images of human faces and data from publicly available information. The company has not informed anyone that its images have been collected or used in this way. Furthermore, the company actually monitors the behavior of these individuals and offers this as a commercial service.

GDPR buses as "wake-up calls

The General Data Protection Regulation was necessary because the old laws were written before the advent of new technologies like smartphones and tablets, which meant that users were not protected from companies misusing their personal data. The GDPR provides EU citizens with more clarity on how and why companies use their data. In addition, the GDPR significantly limited the data that companies can collect, allowing citizens to browse the internet and use services with much more privacy. In Switzerland, the new Data Protection Act (NDSG) will move in a similar direction. This is scheduled to come into force on September 1, 2023; Companies would do well to prepare for this already today.

This article originally appeared on m-q.ch - https://www.m-q.ch/de/dsgvo-bussen-erreichen-fast-100-millionen-euro-im-ersten-halbjahr-2022/

With its Seismograph software, Ecmt maps comprehensive information in a risk-based and structured manner. This helps companies reduce complexity and thus make the right decisions. The company works with critical infrastructures such as airlines, energy suppliers or companies in the transport sector as well as organizations at cantonal and federal level. In addition, more and more private-sector companies such as insurance companies are also taking advantage of Ecmt's range of solutions and know-how. With the continuous further development of Seismograph, the communicative appearance is therefore to be strengthened.

The big picture view

With Seismograph, decision-makers move at the right strategic altitude and maintain an overview in all situations. This perspective is to be reflected in the new visual appearance and in the visual language. As an additional formal element, the stylized data points illustrate networked thinking and intelligent solutions. With the self-confident appearance, Ecmt wants to clearly distinguish itself from its environment and thus create more identification at the same time. The newly designed content is intended to simplify the complex subject matter and bring the core service directly to the point. In addition to the services, the Site Ecmt's holistic consulting and solution competence and demonstrates the possibilities of its tool in vivid use cases. For this purpose, a sharpened messaging was developed in close cooperation and new content focuses were set.

Effective and efficient

It took about twelve weeks from the briefing to strategy, conception and design to the final website. Analogous to the website, a concise company presentation was also developed. After the first test runs, Roberto Perot, Chief Operating Officer at Ecmt, is visibly satisfied with the completely renewed appearance: "TBS created a brand presence for us in the shortest possible time, behind which we can stand 100 percent. In addition to their proven brand expertise and design competence, we were also convinced by their uncomplicated and personal approach."

The better the emotional fit of the brand ambassador with the brand, the more successful the cooperation will be. This success factor is most valuable when the fit during the collaboration is high. A perfect example is George Clooney's appearance for Nespresso. Here, Clooney's elegant charm and approachability fit the brand from the start. Using an ambassador to steer brand emotions in a new direction, on the other hand, is expensive and only makes sense in the very long term. But how do you analyze this emotional fit? A classic survey is powerless here. Because customers cannot put the emotional impact of brands and ambassadors into words. Non-verbal survey methods, on the other hand, allow the emotional impact of the brand and the ambassador to be measured independently and then compared with each other. With the EmoCompass study von Zutt was approached in this way.

Which brand comes closest to Federer emotionally?

When queried non-verbally, the likeable and successful tennis pro comes across as friendly, inspiring and powerful above all. For a worthwhile fit to emerge, the brand must trigger the same emotions. This is the only way to awaken a clear and consistent feeling in the customer's brain - and to strengthen the brand impact through Federer. If there is no fit, the customer gets a diffuse feeling. This has less of an effect in the brain and remains weaker in memory. On this basis, the following ranking results: According to the study, On is the narrow winner. The sports shoe manufacturer comes closest emotionally to the tennis star. On the one hand, the sporting power is clearly present in a sports shoe. In addition, there is a good portion of inspiration, probably not least because of the innovative shoe sole. For the clear match ball, however, On would also have to convey more friendliness and closeness in addition to the innovative power.

The ranking winner is closely followed by Jura. The Swiss coffee machine manufacturer found in Roger almost what George Clooney is for Nespresso - a likeable brand ambassador who fits the brand. Lindt and Rolex also did well, again creating a valuable emotional fit with Federer. A little further away are the brands Barilla, Switzerland Tourism, Credit Suisse and Mercedes. These fit the tennis pro to some extent, but not enough to create an effective fit. The clear taillight is Sunrise. The Telekom brand does not match any of the three Federer emotions and pulls in completely different emotional worlds. This does not create a valuable fit to Roger.

Conclusion and Learnings of the Study

The study shows that when choosing brand ambassadors, it is always necessary to check on an emotional level whether they really fit the brand. Moreover, not every fit is obvious: tennis players and coffee machine manufacturers are not the best combination on a rational level. On the emotional level, however, a strong match can still emerge. If the emotional fit is right, it is worth paying further attention to how the ambassador is integrated into the communication. Ideally, the brand ambassador becomes part of a story that also fits the emotional profile - the differentiation core of the brand. Such an emotionally fitting story can significantly increase the ambassador's impact. After all, the right story weaves the ambassador and the brand deep into the neuron network of the customer's brain. Incidentally, George Clooney's commercial for Nespresso is also an ideal practical example in this respect. The emotional differentiation core of Nespresso is that its sophisticated coffee system makes you a better host. In the commercials, Clooney is seen in exactly this role. Because Clooney is very well known and popular, mirror neurons are activated and consumers want to see themselves in Clooney again. In this way, the ambassador, brand and story work together perfectly to create an emotionally gripping advertising campaign. So for optimum impact, the brand, ambassador and story must be emotionally attuned to each other. To achieve this, star brands like Nespresso, Apple, Nike and others use methods that can measure the emotional impact of brands and touchpoints.

---

This study was conducted by the Neuromarketing company for research, strategy and design Zutt & Partner carried out. The company offers free Workshops on the study (detailed results, interpretations, further information on the study and initial approaches to solutions). Werbewoche.ch publishes the study free of charge out of editorial interest.

The better the emotional fit of the brand ambassador with the brand, the more successful the cooperation will be. This success factor is most valuable when the fit during the collaboration is high. A perfect example is George Clooney's appearance for Nespresso. Here, Clooney's elegant charm and approachability fit the brand from the start. Using an ambassador to steer brand emotions in a new direction, on the other hand, is expensive and only makes sense in the very long term. But how do you analyze this emotional fit? A classic survey is powerless here. Because customers cannot put the emotional impact of brands and ambassadors into words. Non-verbal survey methods, on the other hand, allow the emotional impact of the brand and the ambassador to be measured independently and then compared with each other. With the EmoCompass study von Zutt was approached in this way.

Which brand comes closest to Federer emotionally?

When queried non-verbally, the likeable and successful tennis pro comes across as friendly, inspiring and powerful above all. For a worthwhile fit to emerge, the brand must trigger the same emotions. This is the only way to awaken a clear and consistent feeling in the customer's brain - and to strengthen the brand impact through Federer. If there is no fit, the customer gets a diffuse feeling. This has less of an effect in the brain and remains weaker in memory. On this basis, the following ranking results: According to the study, On is the narrow winner. The sports shoe manufacturer comes closest emotionally to the tennis star. On the one hand, the sporting power is clearly present in a sports shoe. In addition, there is a good portion of inspiration, probably not least because of the innovative shoe sole. For the clear match ball, however, On would also have to convey more friendliness and closeness in addition to the innovative power.

The ranking winner is closely followed by Jura. The Swiss coffee machine manufacturer found in Roger almost what George Clooney is for Nespresso - a likeable brand ambassador who fits the brand. Lindt and Rolex also did well, again creating a valuable emotional fit with Federer. A little further away are the brands Barilla, Switzerland Tourism, Credit Suisse and Mercedes. These fit the tennis pro to some extent, but not enough to create an effective fit. The clear taillight is Sunrise. The Telekom brand does not match any of the three Federer emotions and pulls in completely different emotional worlds. This does not create a valuable fit to Roger.

Conclusion and Learnings of the Study

The study shows that when choosing brand ambassadors, it is always necessary to check on an emotional level whether they really fit the brand. Moreover, not every fit is obvious: tennis players and coffee machine manufacturers are not the best combination on a rational level. On the emotional level, however, a strong match can still emerge. If the emotional fit is right, it is worth paying further attention to how the ambassador is integrated into the communication. Ideally, the brand ambassador becomes part of a story that also fits the emotional profile - the differentiation core of the brand. Such an emotionally fitting story can significantly increase the ambassador's impact. After all, the right story weaves the ambassador and the brand deep into the neuron network of the customer's brain. Incidentally, George Clooney's commercial for Nespresso is also an ideal practical example in this respect. The emotional differentiation core of Nespresso is that its sophisticated coffee system makes you a better host. In the commercials, Clooney is seen in exactly this role. Because Clooney is very well known and popular, mirror neurons are activated and consumers want to see themselves in Clooney again. In this way, the ambassador, brand and story work together perfectly to create an emotionally gripping advertising campaign. So for optimum impact, the brand, ambassador and story must be emotionally attuned to each other. To achieve this, star brands like Nespresso, Apple, Nike and others use methods that can measure the emotional impact of brands and touchpoints.

---

This study was conducted by the Neuromarketing company for research, strategy and design Zutt & Partner carried out. The company offers free Workshops on the study (detailed results, interpretations, further information on the study and initial approaches to solutions). Werbewoche.ch publishes the study free of charge out of editorial interest.

Cybersecurity costs money. As long as the IT systems and infrastructure are functioning, it is often difficult to invest the resources that would be needed to reduce risks and ensure smooth operation in the future as well, in other words: to establish cyber resilience. When organizations systematically underestimate their cyber risk, it has to do with several misconceptions. In the following, we look at six of the most common misconceptions.

Assumption 1: It only affects the others anyway

"Our company is not interesting enough for a cyberattack after all." This assessment is anything but rare. Unfortunately, the reality is completely different. Statistics show that as many as 99 percent of all cases of cyber damage are the result of attacks that were not targeted at all. In other words, the vast majority of attacks are spray-and-pray. Using the watering-can principle, cybercriminals launch a general attack attempt without a specific target. Then they simply wait to see which companies or organizations, for example, are successful with the mail containing the phishing link. Unfortunately, for many companies, the hurdle for an initial compromise of their IT is not high enough to withstand these attacks in the long term. This plays into the attackers' hands. Especially if they have primarily financial interests and want to blackmail the company, for example, by encrypting it with a crypto-Trojan or ransomware. Here, the spray-and-pray approach is usually the most profitable for cybercriminals. This in turn means that every company is a potential victim. Politically motivated attacks are clearly distinct from this: Here, success is ultimately only a question of the available manpower, because in the case of an ideologically motivated attack, monetary cost-benefit considerations play a completely subordinate role. In such cases, zero-day attacks, which exploit security vulnerabilities in software that are not yet publicly known, are also used more frequently. With a zero-day exploit, the attacker plays a joker, so to speak. Because when the new attack method becomes public through its use, this attack vector is ultimately burned, because software manufacturers then roll out corresponding security updates.

Assumption 2: Attacks from the supply chain do not play a major role

In fact, supply chain attacks are on the rise. In this class of cyberattacks, software solutions, devices, or machines that are supplied to a company and that it uses to conduct its business act as the attack vectors. For example, the Log4j vulnerability disclosed in December 2021 was a zero-day vulnerability in a Java logging library. Log4j is used to create and store logging information from software, applications and hardware appliances. However, because Log4j is sometimes deeply embedded in many different solutions, in thousands of instances, a simple vulnerability scan is hardly sufficient to identify all vulnerable instances here. In general, even open source software is not immune to security vulnerabilities. For example, a professor at the University of Minnesota succeeded in infiltrating vulnerabilities into the Linux kernel in the context of a study. To do this, he and one of his students pretended to provide bug fixes for the Linux community. The aim of the controversial action was to demonstrate how vulnerable even open source projects can be. A security vulnerability in the Linux kernel is potentially so serious because Linux is so widely used. It can now be found in servers and smartphones, and also in a wide variety of embedded devices - from cars to smart homes and machines. With the increasing digitalization of our economy and our lives, networked devices can also become a gateway for cybercriminals. For example, a supermarket chain was hacked by the attackers choosing the smart refrigerated shelves in the stores as an attack vector. The same risk exists for networked devices in the smart home sector. They too represent potential points of attack - a serious reputational risk for the device manufacturer or distributor. In both the private and commercial sectors, therefore, a much more conscious approach to installed software and purchased devices is required. In the manufacturing industry, for example, where a machine can have a life cycle of several decades, sooner or later only mitigating measures are usually available to reduce security risks. This is because manufacturers then no longer exist, or they no longer supply security patches after a few years. Sometimes the only option is to seal off the machine from the rest of the network and accept the residual risk. As a general rule, it would be negligent for a company to shift responsibility for its cybersecurity entirely to its suppliers. Threats from within the supply chain are real and commonplace today. Companies therefore not only need appropriate risk awareness, but also experts who can support them in establishing effective cyber resilience.

Assumption 3: Our employees already have sufficient safety awareness

All too often, employees' careless behavior is still a convenient gateway for cybercriminals to enter the company. Creating and maintaining appropriate risk awareness is a building block for cybersecurity, the importance of which a company should never underestimate. Only if they are aware of the danger will employees consistently avoid passing on passwords over the phone, for example, or carelessly clicking on a dubious link in an e-mail. Sometimes the potential danger is also a direct consequence of daily work. Employees in the HR department, for example, open applications almost every day without being able to know whether or not the digital resume contains malicious code. The same applies to invoice PDFs in the mail inbox of the accounting department. That's why companies need technical measures to protect themselves against such attacks. But it is equally important to reduce the likelihood of successful phishing attempts by creating awareness of the dangers of social engineering attacks in general. Social engineering means that attackers use deception to gain unauthorized data or access. Human psychology methods are misused to manipulate employees and persuade them to transmit information or perform certain actions - such as fatally clicking on the link in the phishing e-mail or telling the password to supposed support staff on the phone.

Assumption 4: The scope of this safety check will already be sufficient

Putting corporate cybersecurity to the test with penetration tests is an important building block in building cyber resilience. However, if the scope of the pentest is too small, little is gained. This creates a false sense of security. A typical example is the exclusion of certain systems, such as those that are at the end of their life cycle because they will soon be shut down or replaced anyway. As long as they are not shut down, however, it is precisely these legacy systems that often offer the most tempting attack vector. Another example: the server running a web application to be checked also runs an FTP service, which allows the server to be completely compromised - but all services except the web application are excluded from the check. Similarly, it happens that, for example, a financial institution chooses the scope of its audit to be only as large as is required by regulation and officially. Again, the result would be deceptive fake security. If pentests are to be truly meaningful, they must not be directed at just one section of the company's IT. Rather, they must be holistic in nature. After all, the goal of a penetration test is not merely to give management a positive feeling about cybersecurity - it is to identify real security gaps and potential attack vectors so that they can be fixed before they are exploited by criminal attackers.

Assumption 5: Penetration testing can be done by the IT department on the side

In most companies, pentesting cannot be an in-house task at all. After all, IT administrators have one thing above all else to do: they have to ensure that the company's systems run reliably. As a rule, the administration team is already working at 100, if not 120 percent capacity with its operational tasks. In addition, penetration testing requires highly specialized and cutting-edge expertiseThis is something that the IT department usually does not have at its disposal. It is important that management understands that a pentest is not something that can simply be done on the side. At the same time, internal IT staff must realize that a security audit is never about discrediting their own cybersecurity work, but about strengthening it. A meaningful penetration test would not even be feasible with in-house resources because know-how and time are lacking. This is only different if the company is large enough to afford its own dedicated Red Team - the attackers - for more or less continuous pentesting. This Red team is then countered by a dedicated Blue team with the defenders. But even a dedicated Red team can sometimes benefit greatly from external support from Ethical Hackers.

Assumption 6: Our backups save us in case of emergency

A little more than five years ago, this statement may have been true. Today it is no longer, not in every case. It's important to remember that the quality of malware has increased significantly. Crypto-Trojans that encrypt corporate data for extortion purposes no longer do so immediately. There is now ransomware that first nests in a company's backups and gradually destroys them. Only months later, when the backup has become unusable, does the crypto-Trojan then set about encrypting the company's data - and the actual extortion begins. That's why it's important today, Backups firstly, to secure them against malware with suitable protection concepts and, secondly, to check them regularly. Only a backup that can actually be set up can be relied on in an emergency. Companies should therefore regularly test, practice and try out their disaster recovery. And if a company encrypts its backup for security reasons: This backup key itself is also a potential point of attack, because cyber criminals can of course also encrypt the company's backup key. The backup would then, in turn, be unusable, and the extortion attempt through the encryption of the company's data could begin. That's why it's important that companies keep their backup crypto keys offline and also document their disaster recovery training offline.

Conclusion: From cybersecurity to cyber resilience

The threat of cyberattacks has not diminished; on the contrary. If a company wanted to conclude from a past that went smoothly that it will continue to be safe from cybercrime in the future, this would perhaps be the most serious misconception of all. Operational reliability can only be established in IT if a company establishes, maintains and further develops its cyber resilience with suitable, holistic concepts and measures. In any case, it is worth the effort to deal with this, because the financial damage in the event of an emergency weighs many times more heavily than the foresighted investment in cyber security. As in medicine, prevention is better than cure when it comes to cybersecurity. Authors: Michael Niewöhner and Daniel Querzola are both managers and penetration testers at Ventum Consulting, Munich  

This article originally appeared on m-q.ch - https://www.m-q.ch/de/sechs-gaengige-fehlannahmen-zur-cybersecurity-im-unternehmen/