Cyberattack: finding the right partner to defend yourself

The answer to this question was given at the last "Swiss Cyber Security Days", which took place in early April in Fribourg. And it is simple: do not count on the Confederation to replace the responsibility of the cantons, SMEs and private individuals. Everyone is responsible for their own safety.

To take a concrete parallel, in the physical world, protecting oneself from thieves, by locking one's apartment, by reinforcing one's security system, by putting a lock or a camera if necessary, is an individual matter. Everyone, private individual, SME, administration or association must get organized. Everyone must find the best way to ensure their cyber security. On the other hand, in the event of a burglary, in real life, the victims call the police, who respond. But who do we contact in case of a cyber attack? That's the priority question, and one that needs to be thought about now, to avoid serial trouble. Does 117 respond in case of a cyber attack?

Everyone has to organize themselves without relying on the state

The federal government has set up several strong competence centers to fight cybercrime and cyberthreats. Ueli Maurer's finance department, which was present at the Swiss Cyber Security Days in Fribourg, is the head of the National Center for Cyber Security (NCSC). On the military side, the army has been working for some years now on the creation of a cyber command, which will be operational in 2024, and a first battalion of specialists has been created. It is important to note that the primary concern of these military organizations will be to protect the infrastructure of the DDPS and will not be available to meet civilian needs as a priority. In addition, several cantons, such as Geneva and Jura, have increased their number of officers dedicated to cybercrime or have set up ad hoc structures. Fribourg has appointed a digital security commissioner.

This is certainly a good step forward. The public authorities are therefore in the process of organizing themselves. But it is to be assumed that these few additional staff will not be enough to keep up with the growing flow of requests. The 117 of the digital world is likely to be "busy" for some time to come.

One in four SMEs in Switzerland has already been attacked

But what about SMEs, the most frequent victims of hacking? The number of intrusion attempts recorded by Swiss companies has jumped by 65% compared to 2020, according to figures published in Le Temps by the Californian IT security specialist Check Point Software. According to recent market research, one in four SMEs in Switzerland has already been attacked, sometimes with fatal consequences. Ransomware attacks have increased the most. Hackers who have encrypted computer systems return the data in exchange for a ransom, which can amount to several hundred thousand francs.

Small and medium-sized businesses are the main target of data thieves. In response, companies such as ELCA have expanded their offer. They offer support for the entire chain, from anticipation to the restoration of systems, including protection and defense.

So what should we do? Defending yourself means having a reliable partner

SMEs do not have the same resources, in terms of finance or personnel, as large companies. However, they also possess sensitive data on their customers, suppliers and employees or strategic documents, which are of interest to the competition. The dangers of destabilization, linked to cyber attacks, are therefore very great.

So what can be done? It is not enough to install an antivirus, firewall, backup, encryption, etc.. It is also necessary to set up complete protection processes. All this requires investments and reliable partners, usually external, because most SMEs do not have their own teams dedicated to cyber security. This is understandable as these specialists are rare and maintaining their skills is expensive.

The difficulty lies in finding the right approach and the right partners. Visitors to a conference such as the Swiss Cyber Security Days will realize how difficult it is to make a choice, given the number of specialized providers. But which one to choose?