BNL, Safety is learned through play
BNL, Banca Nazionale del Lavoro S.p.A., is an Italian bank based in Rome with over 100 years of history. Since 2006 it has been part of the BNP Paribas Group, a European leader in banking and financial services with a presence in more than 70 countries. Nowadays, it is among the largest Italian banking groups with around 2.5 million private clients.
Transforming cybersecurity awareness into a pillar of “cyber culture” with a tangible and structured programme, because defending against cyber threats is not just a matter for a few security specialists, but for all colleagues in the bank, including citizens and clients.
To protect its employees from cyber threats, BNL identified our platform as the most effective solution, capable of engaging all 13,000 employees in a positive challenge to strengthen their cybersecurity awareness.
Playing is something serious!
Cybersecurity requires special attention to the human factor, which is the weakest link in the security chain, but at the same time can make a difference through knowledge and awareness. “Since 2017,” says Marco Tulliani, “we have increased our efforts on the cybersecurity programme based on the NIST Framework, with an important focus on prevention, because in our opinion in this ecosystem it is crucial to be able to define a set of rules and activate prevention steps. We also implemented a series of processes whereby our applications have security by design and we are creating a solid cybersecurity awareness.” IT security is an important element of corporate policies and requires not only a coordinated response between the public and private sectors, but also synergetic action inside and outside the bank. This is necessary to protect the bank and its clients from cyber threats.
How to raise the level of awareness
Physical cybersecurity needs special attention to the human factor, which is the weakest link in the security chain, but at the same time the element that can make the difference, acting on the level of knowledge and awareness. “Also based on the NIST Assessment, we started,” says Picano, “with a survey that produced important results and helped us understand where we had to go from here. We then undertook several initiatives, including one on ethical phishing. We realised that we had to do a lot of training. But in many cases, corporate intranet training is experienced as something to be imposed. This is why we opted for a specific e-learning platform, which allowed us to adopt a more engaging model.”
A Cyber Guru for security training
After careful selection, BNL chose the Cyber Guru platform as a solution to reinforce the security level. But that’s not all. Using the Cyber Guru solution, BNL mounted a real “cyber security awareness championship”, in which its 13,000 employees divided into 105 teams engaged in a real competition. “The goal is to make the behaviour of all colleagues in the bank safe, compliant and internalised,” says Picano.
How to measure results
“The first indicator for measuring results,” says Picano, “is the participation of colleagues in the championship, which was almost total. Another important measurement we have made and will continue to make is the number and quality of responses to our regular ethical phishing campaigns, which allows us to understand how cyber culture is improving. Another relevant aspect is the increase in contacts and tickets to us to report suspicious cases or situations deserving investigation to the incident response team. Lastly, the awareness of top management, who want to be kept fully informed on the progress of the initiative, has also increased considerably.”
To read the full interview prepared by the Data Manager click here.