Novomatic, the market leader in gaming
With Cyber Guru came the results sought and expected for years
It only takes one wrong click to ruin corporate business. And when there are thousands of employees, the risk is very high. For this Novomatic Italy chose Cyber Guru after experimenting with several of the world’s leading training platforms.
“A choice that turned out to be excellent and gave us incredible results in a short time“, says Pasquale Salerno, Ciso of Novomatic Italy, which has about 4,000 employees, 3 main offices (Rome, Rimini and Bolzano), numerous smaller offices and is active throughout the country, including islands. The company, an Italian rib of Austria’s Novomatic AG, one of the largest international manufacturers and operators of gaming technology active in 100 countries and with nearly 25,000 employees worldwide, is a market leader in the gaming industry, understood as land-based and online gaming concession, direct management of Italian gaming halls, such as Bingo, and rental of amusement machines. Novomatic is headed by thousands of game servers and more than 500 in-house application servers.
“Our CyberSecurity Awareness sensitivity,” Salerno says, “is very high, not only because we handle so much technology but also because we have to adhere to strict compliance rules, as far as legal gaming is concerned, which are subject to control by the Customs and Monopolies Agency. In addition, having an in-house payment institution (Admiral Pay) we are subject to Bank of Italy controls.”
For these very reasons, since its inception in Italy in 2007, the company has had a robust protection structure, from classic Antimalware/Antispam to very advanced firewalls and devices with data protection capabilities. In addition to this, it has turned to the most renowned international training platforms to strengthen the awareness of the thousands of employees who perform a wide variety of functions (cooks, drivers, technical staff, administrative staff, managers, etc.).
“But the results were not satisfactory,” Salerno says. “I didn’t see enough involvement from the staff, so much so that our percentage of serial clickers, despite all the attention put into it, was still at a very high level, if we think that the human factor is still the one linked to the highest risk of Cyber attacks.”
Exacerbating matters was the revolution brought about by the pandemic that transformed the way we work. Smart working is also regularly practiced at Novomatic, and by now desktop computers have become rare because almost all resources use portable devices, and about 2,000 employees have a company mailbox. In short, a very wide perimeter of attack and a high-risk situation to be kept seriously under control.
With Cyber Guru, the CISO group saw the long-awaited and sought-after results coming in a short time.
“As early as the second month of using the platform,” Salerno says, “we saw a steep drop in the percentage that we were so afraid of. We went from an initial percentage of Serial Clickers close to 50 percent to less than 5 percent , and in the following months this continued to decline, traveling on an average of 1-2 percent. A truly extraordinary achievement.”
The strength of Cyber Guru compared to other platforms, for Pasquale Salerno, lies precisely in the training modality that takes into account the different approaches to a subject that is often considered hostile.
“We really liked,” Salerno says, “the use of avatars with Artificial Intelligence and the profiling of users into 3 categories, the result of combining the results of various tests done over the months with the results of phishing activities.
But the winning elements, compared to the other platforms tested lie in the design of continuous training with multi-year duration and the great manageability of the training sessions, which never exceed 14 minutes each.
We had realized long ago, in fact, that the 3 or 4 courses a year that are normally given in companies have little effectiveness, because safety is a subject that changes and must be continually practiced, and that sessions longer than 30 minutes were not having the desired effect.
In short, the ideal formula to really change the approach to the subject is what Cyber Guru has proposed to us: short training pills, well manageable in a workday, and keeping the focus on security always on. Exactly what I had long had in mind but could not find in the various educational offerings.”
So much so that the company, which recently entered its second training year with Cyber Guru, has decided to start the Novomatic Italia Cyber Security Academy, a three-year course at the end of which it will decide how to continue. With one certainty: training should never be interrupted and should continue throughout working life.
In addition, Novomatic complements the modules offered by the platform with in-person workshop sessions focused on key deficiencies or critical issues, which are also used to further raise awareness of the use of the platform.
So much so that the first year ended with 95 percent staff participation. “An excellent result,” Salerno says, “because we have greatly lowered the human factor risk index. However, this does not mean that we should be lulled on our laurels because we know that a single resource, with incorrect or unaware behavior can create enormous damage.”
A separate discussion should be made about gamification. “I must confess,” Salerno says, “that at first I was very skeptical about its effectiveness, I did not consider this aspect of competition between teams important. In fact, it almost seemed like a waste of time and an unnecessary frill. That is why I had not given any information to the internal teams about the possibility of using this tool as well. But to my surprise, I discovered during the various coordination meetings that the teams, unbeknownst to me, were already competing against each other.
I saw Team Leaders arguing good-naturedly about the fact that one of their resources had caused the other to lose first place in the rankings. And that’s when a world opened up to me and I realized how challenging it can be to participate in safety-specific competitions. So much so that we are considering including this subject in the program of some Novomatic events, involving all the companies in the group, providing rewards and benefits for healthy internal competition, but above all the very human satisfaction of being the best.”
