95

2021 INTEGRATED MANAGEMENT REPORT

FOSTERING A CYBERSECURITY CULTURE

This year we have taken our training and awareness activities beyond compulsory cybersecurity training for our professionals. Ac- tions undertaken include:

· Emulating real attacks such as phishing, vishing (via telephone), smishing (instant messaging) and use of fraudulent USB devi- ces.

· Training through the awareness-raising platform. · Multi-channel publishing of regular awareness-raising messages. · Celebrating Cybersecurity Day to boost management's engagement with security as one of the company's core values. · Joint training on cybersecurity and the General Data Protection Regulation (GDPR) targeting our service stations.

CYBERSECURITY PROTECTION MEASURES

New global service protection measures, extending monitoring solutions and capabilities.

Enhanced endpoint protection: computer hardening, hard disk encryption, USB port blocking and data leakage protection.

Strengthening of two-factor authentication, including additional measures for remote access.

Process automation based on artificial intelligence and machine-learning to detect potential malicious activity.

Reinforcement of our capabilities to respond to a potential cybersecurity incident, as validated on a regular basis by means of cyber exercises.