Information technology is now part of daily working life across the board at AMAG – we could not do what we do without computers, data and networks. But IT also harbours a number of risks: viruses can infiltrate and paralyse systems, while hackers can steal and misuse data or hold companies to ransom by stealing or encrypting data. Information security is therefore a key issue at AMAG.
AMAG adopts innovative approaches in its drive to sensitise employees to digital threats. We have used Troy Troller, a character designed by an illustrator, to make employees aware of cyber risks since 2019. In 2022, we gave Troy an accomplice to further raise awareness – Trixie Tricker was unveiled at our Family Day event in September 2022. In an interview, Roger Mattmann, Chief Information Security Officer at AMAG, explains why Troy and Trixie are needed and how they do their job.
Why do we even need Troy and Trixie?
IT systems can be as smart as you like – but humans remain the weak link in the information security chain. Cybercriminals often attempt to hack into a company’s computer systems through employees – be that by sending fraudulent e-mails, creating fake social media profiles or using other methods. We know that around 85 per cent of cybersecurity breaches are caused by human error.
Troy Troller and Trixie Tricker – why did Troy get an accomplice in 2022?
Troy is there to highlight the threat of technical attacks. But more and more cybercriminals are using so-called social engineering. In other words, they attempt to spy out companies and spot avenues of attack through digital or even direct physical contact with employees. Social engineering can account for up to 90 per cent of the effort that goes into a targeted attack before the actual technical attack then takes place. Trixie is designed to raise awareness of this threat, while Troy will continue to focus on the technical side of things. Together, they form a strong duo.
What is Trixie like?
She is young, dynamic and agile. She is also very affable and quickly establishes a good rapport with most people. That is how she builds up trust. People like talking to her – and she is adept at eliciting information from them as they talk. She then passes on this information to her accomplice, Troy.
Does AMAG use Trixie as a preventive measure, or are the threats from cyberspace already a reality?
Trixie is designed to work alongside Troy to prevent cyberattacks from damaging AMAG. In this sense, we use these characters as preventive measures. But the dangers are already lurking and very much present. Here is an example: fake profiles of alleged AMAG employees recently appeared on the social media platform XING; these people entered AMAG as their employer in their profiles. They then started networking with actual AMAG employees to build up trust and spy out vulnerabilities for targeted cyberattacks.
What other dangers lurk on platforms like this?
I am often astonished at how little thought people give to cybersecurity before they post on social media. You see photos from workshops with easily legible information on flip charts in the background or screens with open program windows displaying sensitive data. Trixie is also designed to raise awareness of this type of threat. Incidentally, that is why she and Troy were each given their own LinkedIn profile recently – their circle of friends and contacts is growing all the time.
How else do you use Trixie and Troy?
We are creative here. It ranges from posts on our intranet to appearances in person at events. During the European Cybersecurity Month in October 2022, we organised a lunch and an after-work aperitif party, for example. Employees from my department dressed up as Trixie and Troy attended these events to raise awareness of cybersecurity issues. Now and then, we also try to trick our employees – quite deliberately. If someone falls for it, it is a big eye-opener.
That all sounds rather playful. But how significant is the actual benefit?
All sensitised employees pay more attention to the threats and dangers that exist in cyberspace. Cyberattacks have the potential to cause a huge amount of damage; therefore, our measures are most definitely of benefit. In 2022, during an audit, we introduced Trixie and Troy to various Volkswagen managers, all of whom were impressed by our initiative.
