Last week there was a lot of discussion in the office about a prevalent topic, almost all of my colleagues received emails about the hack on comparis.ch, the well-known Swiss online comparison platform. I immediately changed my password and checked "Have I been pwned" to see if other platforms had also been hacked and my personal data compromised. It turned out that this had already happened once, when a large design platform used by many people worldwide for both business and private purposes was attacked.
This blog is about cyber security and what you can do to improve it in your own company. Cybersecurity is a big issue in Switzerland, with the Financial Times recently reporting that Swiss watch manufacturers and banks in particular are being attacked more frequently. Estimates show that cybercrime will cost the world 10.5 trillion dollars a year by 2025 (according to Cybersecurity Ventures) - that's: 10,500,000,000,000. Many companies have already strengthened their systems against such attacks and there are various ways in which you can additionally protect your company and thus preserve your organization's reputation.
The most common cyber threats in Switzerland
Phishing... This is a special form of social engineering in which criminals "fish" for information with fake messages via e-mail or the Internet. Typically, they pretend to be service providers (usually banks or software companies) and try to obtain password information. Modern phishing no longer requires emails, but uses infected websites or even intervenes directly in the communication between companies and customers in order to obtain information.
Ransomware... the purpose of ransomware is to extort a ransom. For example, a company network can be infiltrated by a program that encrypts all the company's data, which can only be made readable again if the demanded ransom is paid. "Extortion Trojan" is another name for ransomware, as the malicious program is infiltrated into the company's or an individual's computer system like a Trojan horse and then spreads throughout the entire network.
Social engineering... loosely translated as "social manipulation", refers to behavior aimed at getting people to disclose confidential information. Social engineering takes place over the telephone, for example. The caller spies on their victim in advance. During the conversation, he reveals small pieces of information to build trust and make his role more credible. For example, the criminal pretends to be a representative of the authorities, an employee or a computer specialist in order to obtain data such as passwords or credit card details. Their aim is either to penetrate company networks or to steal money directly.
Denial of Service... In an attack of this type, an Internet service or its servers are overloaded with attacks so that its users can no longer gain access. In contrast to other threats, no data is stolen or damaged in a DoS; the aim is simply to render servers inoperable, making Internet services temporarily unavailable.
3 of the 4 threats have one thing in common. They all occur because internal people are involved. Research has shown that the human factor consistently tends to be the weakest link in the cybersecurity chain. You can insure your company against cyber threats or use technology, but the vulnerability of the human factor in particular must not be ignored in this context. .
Cybersecurity threats for companies and what you can do about them
The most effective way to protect your company from cyber threats is a combination of cybersecurity technology and educating your employees on the subject. Switzerland is home to some of the most innovative start-ups in the world when it comes to deep tech, which includes IT security. Some of the better-known cybersecurity start-ups are:
xorlab: Email Defense Platform
xorlab helps organizations prevent communication and collaboration-based threats such as ransomware, phishing, business email compromise with its machine-intelligent SaaS defense platform ActiveGuard.
Futurae Technologies AG: Identity and access management
The authentication procedure developed by Futurae Technologies, an ETH spin-off, is secure and simple. Banks, insurance companies and other service providers use Futurae's technology.
Exeon Analytics
AI-driven security analytics. The Network Detection & Response (NDR) platform "ExeonTrace" offers companies the opportunity to monitor networks, detect cyber threats immediately and thus effectively protect their own corporate IT.
If you are interested in the Swiss cybersecurity start-up scene, we recommend you take a look at the Swiss cybersecurity start-up map
Even with these innovative and cutting-edge defense systems, companies must not forget to work on the other crucial element: Your employees/colleagues. It is crucial to sensitize and train your workforce to deal with the ever-increasing number and sophistication of cyber-attacks. While there may be a large amount of training content available, the question is how your employees understand and engage with the content. We therefore recommend a learning world with curated content from top providers so that your employees access it regularly and establish regular learning routines. Together with our customers and content partners, such as digicomp and WEKA, individual training courses on cyber security & threat defense are made easily accessible.
To further protect yourself from cyber threats, there are also insurance options. If you already have the right technology in place and your staff are properly trained, taking out insurance will help you sleep soundly at night. These are offered by all major insurers.
Get in touch with us to minimize the human risk factor, our experts will help you with a tailor-made solution that makes perfect use of educational technology and curated content.
Sources and further links:
avira.com
ubs.com/en/corporates/digital-business/cyber-security.html
cysecmap.swiss/trends
Cyber Security Professional ("CSECU")
venturelab.swiss/Switzerlands-TOP-security-startups-2020