Have I been pwned?

The recent attacks on IT companies and service providers have been a predominant topic at MaxBrain. Recently, all of my co-workers received emails because of the hack of a famous online comparison platform called comparis.ch. Immediately, I changed my password and checked on "Have I been pwned" for any other platforms that have been hacked and compromised my personal data. It turned out that my login credentials were already compromised previously, due to an attack on an international platform that many people use for business, as well as in private. This blog is all about cyber security and what you can do to improve it. Cyber security is a major topic in Switzerland, the Financial Times recently reported that especially Swiss watchmakers and banks are under more frequent attacks. Estimates show that cyber crime will cost the world $ 10.5 trillion annually by 2025 (according to Cybersecurity Ventures) - this is $ 10,500,000,000,000. Many companies have already strengthened their security against such attacks and there are several ways that you can protect your company’s reputation and assets.

The most common cyber-threats in Switzerland Phishing...

is a special type of social engineering in which criminals "fish" for information with fake messages via e-mail or the Internet. Typically, they impersonate banks or software companies and ask for your passwords. Modern phishing no longer requires emails, but uses infected websites or even directly interferes with communication between companies and customers to scam for information. The criminals then use the victim's identity to steal money.

Ransomware... the purpose of ransomware is literally to extort a ransom. For example, a corporate network may be infiltrated by a program that encrypts all of the company's data, which will only be made readable again - if they are lucky - when the ransom is paid. "Blackmail Trojan" is another name for ransomware, as the malicious program is infiltrated into the company's or an individual's computer system like a Trojan horse and then spreads throughout the network.

Denial of Service (Attack)...In an attack of this type, an internet service or its servers are overloaded with attacks so that its users can no longer gain access. Compared to other threats, a DoS does not steal or damage data, the goal is simply to render servers inoperable, making internet services temporarily unavailable. 

Social Engineering..., loosely translated as "social manipulation", refers to behavior aimed at getting people to divulge confidential information. Social engineering takes place over the telephone, among other things. The caller spies on his victim in advance. During the conversation, he weaves in tidbits of information to build trust and make his role more credible. For example, a criminal poses as a representative of the authorities, an employee or a computer specialist in order to obtain data such as passwords or credit card details. His goal is to either penetrate corporate networks or directly extract money.

3 of the 4 threats have one thing in common. All occur because internal people are involved. Research has shown that time and time again, the human factor tends to be the weakest link. You can insure your company against cyber threats, but if you do not tackle the human factor of the problem, in this case your employees, you will never be completely protected.

Cybersecurity Threats for Companies and What to Do Against it

The most effective way to protect your organisation against cyber-threats is a combination of cybersecurity technology and upskilling your workforce on the topic. Switzerland is home to some of the world’s most innovative start-ups when it comes to deep tech, which includes IT-security. Some of the more well known cybersecurity startups include:

xorlab: Email Defense Platform
xorlab helps enterprises prevent communication and collaboration-based threats like e.g. ransomware, phishing, business email compromise with their machine-intelligent SaaS defense platform ActiveGuard.

Futurae Technologies AG: Identity and Access Management
Secure logins can be complicated and are not always secure. The authentication process developed by Futurae Technologies, an ETH spin-off, is secure and simple. Banks, insurance companies, and other service providers use Futurae’s technology. (https://www.venturelab.swiss/Switzerlands-TOP-security-startups-2020)

Exeon Analytics AG: AI-driven security analytics
The Network Detection & Response (NDR) platform "ExeonTrace" offers companies the ability to monitor networks, immediately detect cyber threats and thus effectively protect their own company's IT landscape. For the last 10 years the self-learning algorithms have proven themselves in the daily business of major international customers and are constantly being expanded and refined. (https://www.top100startups.swiss/Exeon)

If you are interested in the Swiss Cybersecurity Start-up scene we recommend checking out the Swiss cybersecurity map.

Even with these innovative and state of the art defense systems in place, companies cannot forget to work on the other crucial element: their workforce. It is vital to secure  your organization by empowering your workforce to navigate the ever-increasing number and sophistication of cyber-attacks. While there may be a large  amount of training content available, the question remains how your people understand the content and engage with it. We therefore recommend a platform with curated content by top providers in order for your workforce to access it on a regular basis and learn as part of their  daily routine. Together with our clients and content partners such as digicomp and WEKA, individual cyber security & threat training is easily accessible.

To be extra safe against cyber threats there are insurance options to protect yourself against malicious attacks. Even if you use the right technology and your workforce is aware about the threats, taking out insurance helps you sleep soundly at night. If you are not sure how your organization is protected against cyber-threats, we recommend you take the test of ICT - the swiss umbrella organization for the digital economy.

Contact us to minimize the human risk factor, our experts will help you with a customized solution that perfectly complements educational technology and curated content.

Information sources and further reading:
avira.com
ubs.com/ch/de/corporates/digital-business/cyber-security.html
cysecmap.swiss/trends
digicomp.ch/trends/cyber-security/cyber-security
venturelab.swiss/Switzerlands-TOP-security-startups-2020