VZO took the opportunity presented by the changed situation to subject its cyber security to a critical review. Its approach involved raising awareness among employees, as well as putting its IT technologies, processes, and methods to the test. Potential vulnerabilities were to be identified, evaluated, and eliminated, to ensure that the company could maintain its business operations reliably despite a constantly increasing threat level. The company commissioned experts from T-Systems/Deutsche Telekom Security to perform a security check and risk assessment.
Penetration testing from T-Systems/Deutsche Telekom Security gave us transparency for our network and enabled us to improve our security level.
Dominik Trachsel, Head of ICT, Verkehrsbetriebe Zürichsee und Oberland AG
External penetration tests are an efficient, proven method for testing the current security level of (information) systems, technically and objectively. Penetration tests are used to review networks, systems, and/or applications. Before the test, VZO’s managers and Deutsche Telekom Security defined the scope, the targets, and the procedure in a “permission to attack”.
Over the course of two months, the security experts scrutinised VZO’s network intensively. Initially, public sources of information were perused to identify potential attack vectors. Automated port scans provided information about the services and operating systems.
Based on this information, the security experts assessed the risks posed by the identified vulnerabilities. To minimise the company’s risks and mitigate the identified vulnerabilities, the experts presented a prioritised list of suggested solutions. The outcome of the tests was documented in a report containing a summary of the results and a description of the approach used, along with an analysis of each vulnerability. It also contained a risk assessment, a list of the affected systems, a description of each vulnerability and its impact, recommended measures, and documentation of the weak points.
Thanks to the analysis by external experts, the managers at VZO gained transparency regarding the strengths and weaknesses of their network. The prioritisation and risk assessment enabled them to eliminate weak points efficiently and purposefully, permanently increasing the company’s security level. With this step, VZO helped safeguard business operations despite a constantly increasing threat level.
Every day, more than 60,000 passengers trust the transportation services of Verkehrsbetriebe Zürichsee und Oberland AG (VZO), the Zürichsee and Oberland transportation service company. With over 300 employees, the company ensures that commuters, school children, and occasional passengers within 250 km2 of the Zürcher Oberland and the right bank of Lake Zurich reach their destinations reliably and on time. VZO provides optimised transportation services to the population of the Zurich economic region – while helping to protect the environment. The quality of its services is confirmed by measurements by ZVV, the Zurich Transport Association, which acts as the contracting entity for VZO. The transportation company operates an ultramodern fleet of more than 100 buses and invests heavily in its employees. It was recognised with the Swiss Arbeitgeber Award in 2021, Switzerland’s most significant prize for employer attractiveness. Regular training for staff and occupational health support are among the many benefits that VZO offers its employees.