How can companies and organisations guard themselves against the deluge of cyberattacks? Swiss Cybersecurity Days had some answers, with experts in agreement on exactly “how”.
Text: Andreas Heer, Picture: Swiss Cybersecurity Days/Donuts SA, 25
The relaxed atmosphere at Swiss Cybersecurity Days 2022 in Fribourg was entirely the opposite of the topics under discussion. The urgency of finally taking action in light of the current threat situation was a running theme throughout all presentations. Or, as Arne Schönbohm, president of the Federal Office for Information Security (BSI), put it so aptly: “After the devastating cyberattacks seen in recent months, what will it take for us as a society to finally do something about this?”
The methods by which companies and governments can take action were revealed over the course of the day.
The National Cyber Security Centre (NCSC) will increase its strategic focus on companies over the next few years. Florian Schütz, the federation’s delegate for cybersecurity and head of the NCSC, emphasised employee empowerment as a way of increasing security awareness within companies and boosting resilience against cyberattacks.
The founding of the Swiss Financial Sector Cybersecurity Centre (FS-CSC), which took place a day before the SCSD, also echoes this sentiment. The idea here is that cyber risks manifest themselves differently in every sector. No specific expertise is therefore needed to estimate risks. Sectoral cybersecurity centres are intended to improve industry-specific IT security.
Florian Schütz wants to renew the NCSC’s focus.
And Dreamlab's presentation of the state of Swiss cyberspace in 2022 demonstrated that there is a need for action. CEO Nicolas Mayencourt and COO and FHNW professor Marc K. Peter have created a map of Swiss cyberspace by examining publicly accessible IP addresses for known security loopholes. The number of loopholes has fallen by about 10% compared with the previous year. But with 106,000 potential attack vectors, there are still far too many. This also explains why despite its leading position in terms of competitiveness, Switzerland ranks only 42nd in the international Cybersecurity Index. Both experts emphasised the urgent need for improvement in order to protect this competitive position and called for company management to deal with cybersecurity once and for all.
Schönbohm also called for cybersecurity to be made a strategic focus by management boards. IT security needs to be considered in projects right from the start and not simply left to IT partners, and thus appropriate financial resources are also required.
And for critical infrastructures in particular, governments must work together to detect and prevent cyberattacks, a view also shared by Chris Inglis. The first national cyber director in the US and advisor to the Biden government believes that cooperation between business and government and between states is crucial, as individual parties are unable to detect certain attack patterns alone. This cooperation is therefore fundamental for effective cyber defence.
But Inglis also emphasised that reaction alone is not enough and highlighted the importance of resilience in preventing cyberattacks from the outset.
More on the topic: