Cyber-attacks on companies: A threat to be taken seriously

The year 2022 has only just begun, yet the list of hacked companies is already considerable. For example, the car dealer Emil Frey, the CPH Group as Switzerland's only newsprint mill, and the globally active airport service company Swissport. The hacker attack on numerous Israeli government websites further illustrates that cybercrime affects all types and sizes of institutions.

Lack of know-how as breeding ground for digital attacks
Given the frequency of such attacks and their heterogeneous targets, the issue should already be set in the mind of private and public actors - but this does not seem to be the case. A study by the ZHAW shows that one-third of Swiss SMEs have already suffered a cyberattack. At the same time, business managements rate their IT security standards as "good" to "very good". This highlights the lack of awareness of this danger which, being digital, seems more elusive and therefore favors the successful and mostly unpunished implementation of such attacks. As an opportunity for monetary gain and media attention, the cyberattack is increasingly expanding its standing as a lucrative "business model" for criminals.

A convincing response to cyberattacks
The Cyber Incident Hub has set itself the goal of countering this development and making a considerable contribution to a higher awareness for a trained handling of cyberattacks. Three leading consulting firms, MLL MeyerLustenberger Lachenal Froriep, Farner Consulting, Oneconsult and the startup CYBERA have joined forces to form a broad-based interdisciplinary consortium considered unique throughout Switzerland.

Bundled expertise for damaged companies 
Successful prevention as well as eventual response to risks of cybersecurity require interdisciplinary collaboration across international borders. The Cyber Incident Hub meets the demand of covering the challenging and extensive stress field of this topic with the legal services (MLL), specialized in cyber, the incident response and digital forensics (response to and investigation of cyber-attacks) (Oneconsult) as well as crisis communication and reputation management (Farner) to the international response to fraudulently stolen funds (CYBERA).

The examples listed at the beginning, as well as the increasing reports on cyber-attacks in the media, clearly show that the attitude "this only happens to others, we are sufficiently secured" is not only naïve but can also bear fatal consequences for the working capacity or even the survival of the company.

An audit provides clarity
Here, the following should rather apply: "hope for the best but prepare for the worst". Investing in preparedness for a possible cyber-attack is essential to keep the impact of such attacks as low as possible. This is only possible if the company in its entirety thinks through the relevant processes in advance, plans them and implements them actively and preventively. Also, a well-founded analysis of the weak spots can often already reveal a multitude of the actual security gaps and rectify them. Thus, the company's cyber security can be expanded before any drastic events occur.

However, this understanding seems to be catching on increasingly among companies. Even though awareness and effective measures regarding cyber-attacks are still improvable, a growing interest in the topic is evident. As an indication of this, one of Switzerland's leading media companies has taken the risk of cyber-attacks seriously and has commissioned the Cyber Incident Hub team to examine its security structures and, together with the company, to define sound procedures that will enable a structured and targeted response in the event of an emergency. 

Taking preventative measures 
Our online activities, both professional and private, are increasing steadily. Unfortunately, the potential for criminal activity in this sphere is also growing. To counter the resulting increase of risk of cyber-attacks, it is essential to establish detailed and proactive measures and reliable structures of security. The threat on the Internet may be more subtle and less tangible, but the potential impact on a company is enormous. After all, you wouldn't leave your laptop with confidential documents unattended at Zurich main station, would you?

• Do you know how your company protects itself against cyber-attacks?
• Do you know the basic practice to make life for cyber criminals as hard as possible?
• Do you know how to react in case of suspicion?
• Is the risk of cyber-attacks a relevant topic yet in your company?

We will gladly answer questions like these in a non-binding first meeting. For more information on the individual companies MLL, Farner Consulting, Oneconsult and CYBERA as well as the portfolio of services, please visit our website.