Cyber security in the face of new risks: The 14th InfoGuard Innovation Day takes stock

With over 850 participants and more than 5,000 sessions attended, the event in InfoGuard's anniversary year confirmed its high relevance for decision-makers and experts from the DACH region. In 23 presentations and at virtual exhibition stands from 12 leading manufacturers, the Innovation Day offered a compact overview of current cyber trends and specific fields of action.

In his keynote speech, Manuel Köpfli, Chief Information Security Officer of Basler Verkehrs-Betriebe, outlined the framework conditions under which operators of critical infrastructures must ensure consistent cyber defense. Dr. Hannes P. Lubich, member of the Board of Directors of InfoGuard AG, followed on from this in the second keynote speech and explained the strategic impact of quantum computing on cyber security.

KRITIS under continuous operation: the keynote on cyber security in public transport

In his keynote speech, Manuel Köpfli gave an impressive insight into the cyber reality of critical infrastructures. As the operator of a highly available 24/7 transportation system for around 400,000 people every day, BVB faces highly complex challenges: a historically evolved, heterogeneous IT/OT landscape, long lifecycles of traffic-critical control systems with operating times of up to 30 years, as well as increasing regulatory requirements and supply chain risks.

Köpfli demonstrated that cyber security in the KRITIS environment only works holistically - from preventive measures, detection and response to resilient business continuity and crisis concepts. Key success factors are a practiced ISMS, clearly defined processes and the continuous further development of the security architecture. He also emphasized the added value of strong partnerships, for example through the support of a 24/7 staffed SOC, in order to remain capable of acting even in continuous operation.

Quantum computing as a turning point - keynote speech on the cyber security of tomorrow

In his keynote speech, Dr. Hannes P. Lubich outlined the significance of quantum computing in terms of security policy. He explained the technological foundations at eye level - from qubits to superposition and entanglement. Lubich showed how quantum algorithms (e.g. Shor) overcome the computational hurdles of established RSA encryption - with far-reaching consequences for established security mechanisms. Crucially, according to Lubich, quantum computing is no longer a distant future scenario, but widely accessible via cloud services.

In addition, Lubich advocated that organizations should address quantum-safe cryptography at an early stage in order to ensure long-term confidentiality and digital sovereignty. At the same time, he broadened the view beyond pure encryption: in combination with AI, IoT and robotics, highly autonomous systems are emerging that open up new potential for efficiency, but also harbor risks of loss of control that should not be underestimated. His central message: anyone thinking strategically about cybersecurity should invest in skills, ecosystems and governance around quantum computing now, before technological reality overtakes regulatory and organizational responses.

Did you miss either of these keynotes? The virtual event platform is still open until February 22. Log in or register with just a few clicks and discover all the content on demand.

Nine sessions ranged from real-life attack scenarios to specific requirements for modern cyber defense.

The main topics at a glance:

• APT leaks and attacker capabilities: APT leaks make formerly exclusive attack techniques widely available in a short space of time - visible in the case of Conti, iSoon or Nomansec, for example. This was outlined by Matt Green, Principal Incident Responder. The key message: the decisive factor is not who is attacking, but with what capabilities. Consistent patching, MFA and system hardening are more sustainable than reactive measures and strengthen resilience to professionalized attacks.
• Cyber security in the age of AI: Andreas Troxler, Principal Cyber Security Consultant, illustrated the influence of AI on the speed and complexity of the threat landscape. Practical examples from M365 and Copilot environments showed the new risks that prompt injection, oversharing and a lack of governance pose for the protection of sensitive data. Troxler's key message: Effective AI security requires clear governance, technical protection mechanisms and early consideration of new compliance requirements such as the EU AI Act and ISO 42001.
• Cybercrime in the DACH region: Ernesto Hartmann, Chief Cyber Defense Officer, outlined the new contours of the changing threat landscape: Ransomware actors are professionalizing and using AI for highly scaled, automated attacks that increasingly involve data exfiltration instead of encryption. In the face of this dynamic, basic controls such as MFA remain crucial as they can prevent many attacks. Hartmann reiterated that today's risk situation requires a combination of AI-supported defense on established platforms with local data sovereignty and a clear human-in-the-loop approach in which people continue to control critical decisions.
• Cyber Threat Intelligence: Sandro Bachmann, Senior Threat Intelligence Analyst, focused on identities as a central gateway to modern cyber attacks. According to Bachmann, phishing, CEO fraud, infostealers and MFA bypasses are key entry points, while supply chain compromises open up additional attack surfaces. Traditional malware protection falls short here. Bachmann's recommendation for effective defense: phishing-resistant MFA (FIDO2), consistent identity protection and increased vigilance along the entire digital supply chain. According to Bachmann, the interplay between automated detection and human evaluation in the sense of targeted human-AI teaming remains crucial.
• Incident response & crisis management: Stefan Rothenbühler, Principal Incident Responder, explained why cyber crises need to be treated like fires. His credo: preparation is 90% of the battle. Rothenbühler's focus was on structured crisis management along clearly defined phases - from preparation, detection and containment to recovery and lessons learned - supported by robust playbooks and well thought-out communication with stakeholders, including reporting to the authorities and negotiating with the attacker. Early exercises, activated logging, verified backups and the timely involvement of experienced partners are crucial in order to remain capable of acting and to restore systems safely and in a controlled manner via in-situ restore in the event of an emergency.
• Human risk and the power of manipulation: 80% of cyber attacks start with people, which is probably why social engineering attacks work so well. Jill Wick, Cyber Security Consultant, explained impressively how social engineers specifically exploit stress, time pressure, authority, sympathy or group conformity and amplify these effects with AI-supported methods such as voice cloning and deepfakes. Wick's recommendation: consciously gain time, ask questions via a second channel and interrupt reflexive actions by actively questioning.
• Vulnerability research in Red Teaming: Manuel Feifel, Tech Lead Security Research, and Dario Weiss, Penetration Tester, showed why Red Teaming goes far beyond traditional penetration tests. While pentests test specific vulnerabilities, red teaming simulates real, advanced attackers over longer periods of time and puts the effectiveness of cyber defenses through their paces. Their key finding: many security-relevant products are insufficiently tested, while AI further accelerates the search for vulnerabilities. Red Teaming uncovers precisely those gaps that are particularly critical in day-to-day operations.
• Cloud security architecture of DevOps and platform security: Cloud security fails less due to technologies than due to a lack of strategy and integration. This thesis was underlined by Daniel Lötscher, Cyber Security Consultant and Adrian Damm, Prinicpal Cloud & Data Security Consultant, using concrete practical examples. Separate on-premise and cloud worlds, tactical ad hoc decisions and excessive operational demands lead to dangerous misconfigurations and blind spots. Their recommendation: Cloud security must be strategically conceived - with integrated monitoring, clear responsibilities, protected identities (MFA) and a 360-degree view of platforms, data and workloads.
• Security boost in the Microsoft ecosystem: Uwe Lüthy, Head of Cloud Competence Center, and Roger Eisenacher, Lead Engineer Microsoft Security, explained how companies are making the switch from reactive to proactive security with Microsoft's Unified Security Operations Platform. The focus was on the topic of exposure management: it is not individual vulnerabilities that are critical, but their linking along real attack paths via identities, endpoints, cloud assets and data. The key recommendation: consistently integrate existing Defender components, make attack chains visible and prioritize security measures where they will have the greatest effect.

12 leading security and network partners provided insights into current technologies and solutions

The event was enriched by presentations from 12 leading security and network partners and offered participants a compact overview of current technologies and solutions. The presentations impressively demonstrated how cybersecurity is evolving along the lines of identities, cloud, AI and critical infrastructures.

Airlock explained why digital identities - for example in the context of e-ID - are becoming the central key to a secure digital Switzerland. Microsoft provided insights into the current threat situation and showed how AI, attack path analysis and integrated security platforms are changing defense.

Silverfort showed how companies can also effectively secure identities in hybrid and legacy environments. KnowBe4 shed light on the further development of human risk management in the age of AI and made it clear why awareness must be specifically geared towards human behavior.

To what extent are attacks and defenses actually shaped by AI and how does this manifest itself? Proofpoint outlined the current situation and explained the risks posed by autonomous agents. Palo Alto Networks outlined the future of modern security operations and the path towards more automated SOC structures.

In the network and infrastructure area, Extreme Networks demonstrated how holistic platform approaches bring together operations and security. Fortinet showed how zero-trust architectures can also be implemented in complex OT environments.

Claroty demonstrated why asset discovery is a key requirement for protecting industrial systems. Tanium presented approaches for autonomous IT and patch management to reduce operational complexity.

Akamai showed how micro-segmentation and intelligent security policies reduce the attack surface. Finally, Zurich Insurance categorized cyber risks from an insurance perspective and addressed the question of how technical security measures and risk transfer work together optimally.

InfoGuard Innovation Day 2026 - new dynamics, clear impulses

This 14th InfoGuard Innovation Day came to an end far too quickly! The numerous positive feedbacks and the new visitor record with over 850 participants show This virtual event hits the nerve of the times. The strong participation from the DACH region was particularly pleasing - a clear signal of the growing relevance of the format in InfoGuard's 25th anniversary year.

Attending the event again? Log in until February 22nd and enter

Did you miss a keynote or would you like to see a presentation again? The virtual event platform is still available until February 22. Log in with your existing account or register for the first time to discover the content of the InfoGuard Innovation Day on demand.

I wonder what the next Innovation Day has in store for you? You can be curious: The 15th edition of the Innovation Day will once again feature a number of innovations. It's best to make a note of this date today so that you can be there (again) next year. Or even better: register now - we look forward to seeing you!

Looking for even more in-depth cyber security insights?

Then the anniversary edition of our hybrid major event, the 16th InfoGuard Security Lounge, is just the right source of knowledge for you. It will take place on Wednesday afternoon, June 24, 2026. Register now and secure your place early! We look forward to seeing you there.

Caption: Image generated with AI