Networking and collaboration: Key to cyber security

Ralph Hutter is Head Ecosystems & Partnerships at Finnova and program director at the HWZ Hochschule für Wirtschaft. The computer scientist with an MBA has over 20 years of professional experience in digital transformation and digital product management at Swiss banks and leading software manufacturers. Since 2009, he has been lecturing at the HWZ Hochschule für Wirtschaft as a program director in the areas of Platforms & Ecosystems and Digital Product Management.

Ralph, could you give us a brief introduction to the concept of an ecosystem?

When I I refer to "ecosystems", I am talking about an economic concept, as opposed to the ecosystems in the context of natural science or the corresponding concepts in the fields of environment and sustainability.

There seems to be no universal definition for the concept of an economic ecosystem; it can be viewed from different perspectives. On the one hand, it can refer to my own partner network in which I am active. But it can also be a platform ecosystem that functions as a business model of a digital platform such as Airbnb, for example. And then there are also new ecosystem areas that may be considered instead of the traditional industry sectors, such as mobility, health or entertainment.

What are the implications for organisations operating in these new ecosystems?

The ecosystem requires a paradigm shift in the way we look at collaboration and business models. This change can be seen in various aspects:

• Customer centricity: It's no longer just about putting my own interests first, but prioritizing the importance of customers and their benefits for product innovation. By actively involving customers in the development process, I can create solutions that are better tailored to their needs and thus lead to greater customer satisfaction. It is a shift from an egocentric perspective to a customer-centric approach, also known as "customer centricity".

• Co-creation: Collaboration with customers, partners and even competitors enables the joint development of solutions. Competition gives way to "co-opetition", which leads to faster innovation cycles within the ecosystem.

• Make or buy: Standardized products or proven partner solutions do not have to be reinvented, but can be sourced efficiently.

• From pipeline to platform: The transition from the linear, traditional value chain (from Porter) to a platform-based business model opens up new opportunities for value creation and collaboration.

• New distribution of roles: There are different roles in an ecosystem. You may no longer be at the center, but become a participant or provider in another party's ecosystem. A company can be an integral part of "n" other ecosystems created by others.

Why are ecosystems particularly important in the area of cyber security?

The growing complexity of cyber security requires collective efforts and collaboration. As can be seen from the attached picture, there are a large number of different specialist topics and business areas that need to be addressed. It is simply no longer possible to tackle cyber security alone. The enormous demands of this area can only be met effectively through cooperation between different parties - partners, suppliers and customers.

The cyber security ecosystem is also extremely dynamic. The landscape is constantly evolving and is characterized by numerous new technologies and attack vectors. This is particularly true against the backdrop of the Internet of Things (IoT) and smart devices, which further increase the complexity of the landscape. Everything is networked and therefore potentially vulnerable to attacks.

A wider ecosystem enables broader coverage and a pooling effect in the area of threat intelligence. It is practically impossible to keep track of all attack vectors, ongoing attacks and technologies on your own.

Speed is also of the essence in the area of incident response. Many companies are not in a position to have an appropriate Computer Emergency Response Team (CERT) or crisis team on site. The support of professional partners is essential here.

In addition, it is no longer enough to simply secure your own network perimeter. The security of the entire supply chain must be guaranteed, as the attack surface of all partners and suppliers must be taken into account. It is important to identify and eliminate potential vulnerabilities to ensure cyber security at all levels.

In short, cybersecurity has become a collaborative effort that requires a broad, dynamic and interconnected ecosystem.

Can you give a specific example of how ecosystems can contribute to improving cybersecurity?

A prime example of an ecosystem is a bug bounty program. At GObugfree, you rely on collaboration with security researchers and so-called friendly hackers to support your customers in the area of vulnerability management. You rely on crowd intelligence: each friendly hacker brings unique skills, tools and experience to the team. This creates a powerful collective that delivers fast and professional work through pooled skills and joint efforts.

How can an SME get started in the cybersecurity ecosystem?

The first step is to create a Cybersecurity Maturity Model. This enables an assessment of the existing capabilities in the company and shows which aspects of cybersecurity have already been addressed. For those elements that have not yet been considered, now is the right time to address them.

If there are no in-house capabilities, the company should consider building them up or supplementing them through partnerships. The cybersecurity ecosystem is very dynamic and it is important to be prepared for change.

Another essential step is to create a risk profile. SMEs are often buyers of specific solutions, so it is crucial to know which "crown jewels", such as data or intellectual property, need special protection. Which processes are particularly exposed? Where is the guarantee of confidentiality, integrity and availability (CIA) particularly important?

In Switzerland, there are various contact points, such as the National Cyber Security Centre (NSCS), which can provide companies with both organizational and technical support. A cybersecurity check can serve as a first aid and help to obtain a clear overview of the current security situation.

You are Head of Ecosystems and Partnerships at Finnova, a provider of banking solutions. How do ecosystems create added value in your day-to-day work and how do they contribute to the overall corporate strategy?

We see ecosystems as key drivers of innovation and value creation. The openness in an ecosystem promotes innovation and enables a variety of partner solutions that ultimately offer more value for the end customer, especially in the context of open finance and fintech solutions. For us, an extensive ecosystem also means a greater choice of partners. This leads to more competition and transparency while reducing risks, as there are always several partners to choose from. With different partners, we can react more quickly to changes, drive innovation and accelerate our growth.

In addition, working in an ecosystem enables the joint development of new products. This can happen through innovation processes, hackathons or other collaborative initiatives. It also allows us to tap into new markets and create more efficient processes, enabling us to get to market faster.

How do you see the future of ecosystems in terms of cybersecurity, especially for SMEs?

Increasing connectivity, extending through more and more channels, will play a crucial role in the cybersecurity landscape of the future. New technologies such as AI and quantum computing play an important role in this, as they can potentially be powerful tools for cyber attacks.

As globalization progresses, cyber risks are expected to increase rather than decrease. For SMEs, this means that they need to strengthen their cyber security measures and prepare effectively for this changing landscape. Therefore, it will be crucial to create and maintain cybersecurity ecosystems to overcome these challenges and protect against potential threats. Start your bug bounty program now! :)