KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
As we are going through this, ah, perfect. The human firewall be the human firewall is the new name. Also nicely advertised on the t-shirts one of our giveaways, but starting from, from Ian is today a company of around 80,000 employees with two core business in energy networks and customer solutions and energy networks, clearly being critical infrastructure. And that is also a reason why cybersecurity, cybersecurity awareness is a major part.
Nothing, none of our business would be able to exist without digital processes. So we are always at risk. And this is also the reason why everyone in the company needs to be aware of cybersecurity and of, of the risks that we are endangered with in 2018, there was an announcement by RWE and Ian that they will, that energy daughter of R that time will be sold to, to Ian and merged in 2019. Then the year European European authorities agreed to the deal. And yeah, that's where it all started then.
And we started merging and where we have, we been coming from, from an awareness per ethic, we had two picks on the left hand side. You see what we had at energy. There was a human firewall campaign. So clearly simulations to, or are similar to the name today we had e-learnings we had giveaways, we had posters. We had an on offline game called what the heck we had already an app for, for the mobiles. We had fishing this time with cos as, as our provider, we had, you know, the European cyber security month as one of our lead events, we had life hacking events.
And at the end, at the same time, we had a big community on connect. We had also life hackings. We had a black belt campaign. We had e-learnings. We had fishing already with Lucy at that time. So this was the situation. When we started merging the two campaigns and slowly, well, we needed to consolidate and what do we need to consolidate? The first thing we need is to come together. So let's come together. Let's build trust. We had three days workshops. We had half days workshops.
We had lots of coming together to bring our people into the mood of working together, to collaborate, exchange ideas, and finally start merging and going through this stuff. So 2020, we still had those two campaigns. And over the course of the year, we started to think, what are we going to do in the, in the future? Do we really need two campaigns? And what is essential to our employees? What is essential based on our risk surface, based on our attack surface. So where do we need to go?
And we slowly started eliminating the black belt campaign was eliminated first because we said, well, human firewall is more appropriate to what we think our company would need because we put the human into the, into front and say, the human is on the one hand, the greatest trap and, and door for hackers to come into the business. But also it's the greatest defense we have because everyone is aware. Then we of course have really, really good broad, wide and large firewall in front of anything that wants to come into the businesses.
Well, as it was clear that energy as a market will disappear. We also eliminated those elements where we thought, oh, we don't need them. The izer our nice security wheel. Things like this were, were deleted from the start.
And yeah, that, that was a good thing because we wanted to become Ian. We wanted to become more, but still we also saw, well, the life hacking that we had at E at energy was a bit more sophisticated. So we started evolving. It deleted the eon one and chaired the energy one in the front. And then those guys who were responsible. So you always see two pictures of two guys in, in, on which sites they, they started working together, come together. And in 2020 already, they created a new layout, the human firewall, or be the human firewall.
As the slogan was born, we kept the best of both worlds and then started to improve, improve the layout, improve the learnings, improve also the collaboration, because we, we also had beside the awareness team, a large group of cybersecurity experts in our company, and now we needed to involve them because awareness two guys can't do awareness for 80,000 alone. We need multiplication. We need speakers. We need heroes who come, we need people who play the games. So that's what the guys worked on.
They started to go into the communities, started to collaborate, to build more sophisticated eLearning, to build more sophisticated life thinking. And when I come to eLearning, one thing is clear and eLearning is just the mandatory part. It's something that is crucial. That is important. You need to have a statement and you need to have evidence that you have educated your people in cybersecurity. At least we do as critical infrastructure, but well, nobody ever got aware because he pressed an e-learning never, ever.
So, so we started with more sophisticated fishing campaigns, not the prince from somewhere in Africa, but really the thing that matters like Christmas carts campaigns in the pre-Christmas time, like also campaigns, which were clearly related to the merger where we said your personal, your personal affected by whatever organizational changes. And this was an increase and this, and again, part thanks for the support of leasing all the time. This was something we could very well do with the tools at hand that we had.
Yeah, but last but not least during the year of 2020, we were hit with a virus. So nothing that we had as a presence task, like posters, like games where people come together did work any longer. Nothing we could do. And this was really a shift in our mindset because we, we needed to look on, Hey, what are we going to do? Now in the last years we had a, the CSM, the European cybersecurity month, we at at energy, it was celebrated since 2018 and or 2017 already. And it was always a, a life event with presence, speeches, presence, presentations, games.
We, we collaborated with Deutsche and, and had them showing their, their tools and, and their cybersecurity Pura. And this suddenly didn't work any longer.
We, there was no chats. So we had to, we had to go a different way. And in 2020 then started to also do this on a, on a different way. We started to have everything online and that was really a game changer, but we saw it worked.
So just, just to let you participate in the ECSM results of 2020 and an NPS. So net promoter school, this is where everyone is asked to give a, how would you recommend this event to someone else, to a friend? And you have a scale from one to 10 and nines and tens are evaluated as plus one where everything below six or six and below will be counted as minus one. So the highest you can get is 100. And the lowest you can get is minus 100. We achieved with just an online session plus 84. And I'm so proud of the team because it was one team at that time that reached quite quite a few people.
And you see, it's only roughly 5,000, of course, that's not much compared to 80,000 that we have in the field, but it's a considerable mass. And we, we needed to evolve on this and we needed to do this. And it just wanted to show this also the app users. We increased app users during this month with the campaign by 500, our connect visits. So our internet page was intranet page was visited 290 times more often than before. So this were all great results and great feedback, which we had on, on the campaign. But also some learnings, we needed more external speakers and we needed more.
And then we went over to 2021 and we knew we needed to do something different. We, we had a nice campaign. We had kept the best of both world, but we haven't really grown together. And also we had changes in the team to come and well, the team changed, the design changed. We kept some good content and improved on it. We started to do fishing. We started to do more collaboration we have now. And you can see this completely new design, which is a little bit more on the one hand, aggressive, prominent on the other hand, also more fancy and, and, and, you know, highlighted.
And this is something where we evolved over time. Also the life hacking the sessions we had in the past, it has been password hacks. And so on this, this evolved and, and, and we did more fishing attacks were not only based on click rate, but really on fishing for credentials, our connect page, we, we were brought it to across the whole community.
That cybersecurity is important in a way that even external auditors, short and maturity level of four for our awareness campaign, this doesn't necessarily mean we are more secure than others, but at least our awareness campaign is on a high maturity. And we have the capabilities and possibilities to, to do more and to be more, you know, major and more in, in whole, and have a, have a, the prospect and the capabilities to really found good security culture. What we've keeping well is, is now the app, which is a great tool it's and includes gamification.
It includes com of individuals to each other, by quizzes, et cetera. It's also an information source because it gives you insights of who to contact. We keep the life hacking, which still has of course, password hack, because it's important to show people how easy it is to crack a password. And that even a regular PC that everyone has on their desk is able to crack passwords in seconds.
If they're not designed in the right way, our e-learning, and this is something where we collaborate with data protection with legal, with, with other parties and, and your departments in the company where we said, well, e-learning is just the must have, as I said before. So it's, it's not really important that important that you go through this.
We stayed with fishing, we still do fishing campaigns, but we, we also learn here that our fishing campaigns in the past, we had three to four for the whole company a year, but we also have the comparison internally and externally that those companies who do 10 to 12 fishing campaigns a year have both lower clicking rates and lower rates of credentials. So at this time more is better. Repetition is key. Yeah. And from the lessons learned, I can just give some statements and underline digital campaigns do work, and you see all this is in the new layout.
So we have had now with a relaunch of our campaign, a very, very positive feedback. It's, it's a great mass. And you see some scratches here and there in the picture. This is because the picture is scrambled. It moves itself to, to the real picture by protection. Collaboration is key. So we wouldn't be able, and we wouldn't be there where we are. If we wouldn't collaborate with external companies.
So both an agency, of course, we can't do everything ourselves, and we have to adhere C DCI's restrictions, but also internally, we need to collaborate with it with a workers councils, with a board, with a supervisory board awareness is something that is, must be spread wide and across everyone we even consider now whether it's good or bad to, or, or good and, and healthy. And, and, and yeah, given us benefit as a whole, if we, if we educate our customers and our suppliers, and where is the benefit for this, and it's, it's going on a good way.
So collaboration with everyone in the company with everyone outside the company is key, embrace, change. Something like COVID, something like that can happen anytime soon, again. So be prepared for change and embrace it.
It's, it's always good to have a different view on what you're doing. Plan. Do you check act? Everyone knows the demoing circle, IMSS are built on it. It's necessary, but important. It's repeat repetition. If we talk about awareness, and if we talk about cultural change, repetition is the key. It's not that you do something once. It's not that you do something twice. It's constant, constantly evolving, constantly repeating the things so that the lessons are really learned and most important, have fun with it last but not least. You need to get out of your comfort zone.
Sometimes it takes a virus to get you out of your comfort zone. Sometimes it gets a different view, an auditor whatsoever, but it's important.
Always, like I said before, have a different view, take the other perspective, probably the perspective of a hacker, how he would, they would go into the company. And that would be great to enhance your awareness company. This is also who we are now. So we have two awareness managers for service awareness.
They build the umbrella, but the team behind is the employees who stand to model for our campaign, the information security offices, there are 60 and eon in total, which promote this, which go out into the business, the technical teams in the cyber emergency response team and the cyber threat intelligence team, which support us by creating all the technical insights, helping us with the, with setting up the life, hacking, et cetera. So this is really important. This is collaboration, how it works, and now I've come to an end. Let's talk. What are your questions.
