Failure, phishing and personal experience

The word “security” is usually associated with a process, a technology or rules. But there is much more to it than that. For it is only when everyone involved has a shared understanding of security that they can respond to incidents as quickly as necessary. On the football pitch and at Swisscom.

The ref

What I see isn’t necessarily reality. It’s something I experience as a referee every now and again. My goal is to keep the players healthy by seeing fouls, blowing the whistle and handing out penalties. I am responsible for what happens on the pitch. I attach great value to enjoyment and objectivity. There are endless discussions in football. But one person has to assume responsibility and take decisions – regardless of whether they are right or wrong. My word is law on the pitch. When I review the images again after the end of the match, I am sometimes surprised: instead of the five metres I thought it was, the distance was actually 30 metres. 

We referees are connected to one another at all times during a match by a communication system. This is important when something happens because there is no such thing as zero risk. If you really want something, you’ll find a way. When an incident occurs, the goal is to respond appropriately. For me on the pitch, this means: if smoke bombs, for example, are thrown onto the field, I have to make a snap decision. I can stop the match and guide the players to safety in the locker rooms or to the other side of the pitch. Then I initiate dialogue with the experts: the security officer, stadium director, both team captains and announcer all gather at the edge of the pitch. “Do you see a way to resume the match?” “What measures do we need to take?” The announcer then issues a warning over the PA system: “If another smoke bomb is thrown, the match will be called off.”

The security guy

Hackers who want to make a statement, organised crime, terrorism and espionage – these are our adversaries. Swisscom’s goal sounds ambitious: to create security for people in today’s networked world – everywhere and at all times. But ambitious goals are important. After all, our customers trust us with their information security; they rely on us.

Nowadays, we check our smartphones around 150 times a day and we always know exactly where they are. We are also susceptible to attacks because we move so naturally in the digital world. For example, phishing attacks where imposters send official-sounding e-mails that look like they have been sent by a bank or insurance company, etc. They try to gain access to confidential data and steal people’s identities. In the past, it was easy to spot these e-mails. Today, the linguistic quality is better. Our filters detect standard phishing so that these e-mails are not even delivered via Bluewin. But there are also tricky cases, for example, dynamic e-mails where the URL of the link changes from e-mail to e-mail – in such cases, we cannot identify a pattern. This is why, when it comes to security, it is important that people are actively engaged and able to recognise when someone is about to light a virtual smoke bomb. Around 40% of all phishing e-mails are clicked on! That is way too much.