How the service and installation company are upgrading their cybersecurity thinking
As the real estate industry digitizes and changes, increasingly connected products and services create opportunities - but also an increased risk of attack surfaces. The listed service and installation company Bravida saw a need for increased awareness of cybersecurity and to scale up its work, so they took help from the Centre for Cyber Security at RISE.
Electricity, heating, cooling, water, and ventilation are some of the functions we expect to work in our properties and in everyday life. As the Nordic region's leading supplier of complete technical solutions in service and installation, Bravida helps its customers to create well-functioning and sustainable properties. They currently have over 65,000 customers throughout the Nordic region, almost 14,000 employees and operate in around 180 locations, maintaining public buildings, hospitals, universities, prisons, schools, and industrial properties. Important societal functions that we citizens use daily.
Connected services are vulnerable.
In recent years, Bravida has seen an increasing use of integrated smart products (IoT) and new demands for energy optimisation through automation. This creates many opportunities, but also risks.
"Cyber security is already an integrated and important process within the company, but recently we have seen an increasing number of cyber-attacks. We continuously monitor developments, and it is mainly the connected services that are vulnerable. We therefore see it as a high priority that we create the conditions for a secure connected environment," says Åsa Neving, CFO at Bravida.
RISE is part of the cybersecurity journey.
To stay one step ahead, Bravida chose to scale up its work on cybersecurity. Since it already had systematic ongoing work with high technical protection and internal basic training, it now wanted to focus on the human aspect and mistakes that are more difficult to protect against, by raising awareness of cybersecurity for individual employees and suppliers.
"Raising awareness is key and we saw RISE as a good partner to help us on that journey, as an independent, non-commercial actor with competent expertise in cyber security. In addition, there is a unique exercise arena for cyber security - Cyber Range - which we feel will contribute to increased awareness," says Emil Dahlin, CIO at Bravida.
Cyber Range is a test bed run by RISE, where companies and organisations test new parts of a system to see if they have built it correctly and identify any weaknesses. It is possible to test the technical systems, but it is equally important to ensure that procedures and organisation work optimally, which makes Cyber Range a good training arena for cyber security.
The Cyber Range at RISE is unique, a good training arena.
Failure as a way to improve decision-making skills
The training will be carried out by everyone in the company, to increase awareness of cyber security at all levels. Initially, Bravida has gathered the management team on three occasions in the Cyber Range for training and exercises. By interspersing theory and practical exercises with role plays and real-life scenarios, the management team was able to practise situations that can arise daily. What surprised the participants was how easy it was to fail, which gave new insights on how to make decisions in a real crisis scenario.
- 'It was valuable to learn about different approaches and how perpetrators think,' says Åsa Neving. "It also provided training in decision-making, and an important insight we gained during these exercises was that one wrong decision can lead to a long chain of wrong decisions.
Continuing to work with "cybersecurity awareness."
In the future, Bravida will continue to work on strengthening awareness of cybersecurity in a structured way and include it in the development of new secure services. It will also place higher demands on partners and secure the entire value chain.
"We are more ready, and know what and who should do what, in the event of a cyber-attack," says Emil Dahlin. All these measures in a continuous process we hope will ultimately benefit the end user's everyday life.
The more connected the world becomes, the more demands on everyone who is part of that connection.