Last week there was a lot of discussion in the office about a prevailing topic, almost all of my colleagues received e-mails because of the hack on comparis.ch, the well-known Swiss online comparison platform. I immediately changed my password and checked "Have I been pwned" to see if other platforms had also been hacked and thus my personal data compromised. It turned out that this had already happened once, in the attack on a large design platform used by many people worldwide, both for business and private purposes.
This blog is about cyber security and what you can do in your own company to improve it. Cybersecurity is a big issue in Switzerland, the Financial Times recently reported that Swiss watch manufacturers and banks in particular are being attacked more frequently. Estimates show that cybercrime will cost the world $10.5 trillion a year by 2025 (according to Cybersecurity Ventures) - that's: 10,500,000,000. Many companies have already strengthened their systems against such attacks and there are several ways in which you can further protect your business and thus preserve your organisation's reputation.
The most common cyber threats in Switzerland
Phishing... This is a special form of social engineering in which criminals "fish" for information with fake messages via e-mail or the Internet. Typically, they pretend to be service providers (usually banks or software companies) and try to obtain password information. Modern phishing no longer requires e-mails, but uses infected websites or even directly intervenes in the communication between companies and customers to scam information.
Ransomware... the purpose of ransomware is to extort a ransom. For example, a company network can be infiltrated by a programme that encrypts all the company's data, which is only made readable again if the demanded ransom is paid. "Extortion Trojan" is another name for ransomware, as the malicious programme is infiltrated into the company's or an individual's computer system like a Trojan horse and then spreads throughout the network.
Social engineering... loosely translated as "social manipulation", refers to behaviour aimed at getting people to reveal confidential information. Social engineering takes place, among other things, over the telephone. The caller spies on his victim in advance. During the conversation, he reveals small pieces of information to build trust and make his role more credible. For example, the criminal pretends to be a representative of the authorities, an employee or a computer specialist in order to obtain data such as passwords or credit card details. His goal is either to penetrate corporate networks or to capture money directly.
Denial of Service... In an attack of this type, an internet service or its server is overloaded with attacks so that its users can no longer gain access. Compared to other threats, a DoS does not steal or damage data, the aim is merely to render servers inoperable, so that internet services are temporarily unavailable.
3 of the 4 threats have one thing in common. They all occur because internal people are involved. Research has shown that the human factor tends to be the weakest link in the cybersecurity chain. You can insure your company against cyber threats or use technology, but above all, the vulnerability of the human factor cannot be ignored in this context. .
Cybersecurity threats to businesses and what to do about them
The most effective way to protect your company from cyber threats is a combination of cybersecurity technology and educating your employees on the subject. Switzerland is home to some of the most innovative start-ups in the world when it comes to deep tech, which includes IT security. Some of the more well-known cybersecurity start-ups are:
xorlab: Email Defense Platform
xorlab helps organisations prevent communication and collaboration-based threats such as ransomware, phishing, business email compromise with its machine-intelligent SaaS defence platform ActiveGuard.
Futurae Technologies AG: Identity and Access Management
The authentication procedure developed by Futurae Technologies, an ETH spin-off, is secure and simple. Banks, insurance companies and other service providers use Futurae's technology.
AI-driven security analytics. The Network Detection & Response (NDR) platform "ExeonTrace" offers companies the possibility to monitor networks, detect cyber threats immediately and thus effectively protect their own corporate IT.
If you are interested in the Swiss cybersecurity start-up scene, we recommend you take a look at the Swiss Cybersecurity Start-up Map
Even with these innovative and state-of-the-art defence systems, companies must not forget to work on the other crucial element: Your employees/colleagues. It is crucial to sensitise and train your workforce to deal with the ever-increasing number and sophistication of cyber-attacks. While there may be a large amount of training content available, the question is how your employees understand and engage with the content. We therefore recommend a learning world with curated content from top providers so that your employees access it regularly and establish regular learning routines. Together with our clients and content partners, such as digicomp and WEKA, customised cybersecurity & threat prevention training is made easily accessible.
To further protect against cyber threats, there are also insurance options. If you already have the right technology in place and the workforce is reasonably trained, taking out insurance will help you sleep soundly at night. These are offered by all the well-known insurers.
Contact us to minimise the human risk factor, our experts will help you with a tailor-made solution that perfectly uses educational technology and curated content.
Sources and further links:
Cyber Security Professional ( CSECU )