Despite the various alerts over the past months, 130 Swiss companies still haven’t patched security vulnerabilities affecting on-premises Microsoft Exchange Servers. GovCERT, the Swiss Computer Emergency Response Team, has now resorted to sending registered letters asking companies to fix the serious security gap.
In recent months, a striking number of companies have been affected by attacks stemming from this vulnerability, most recently, the car dealer Emil Frey and the CPH Group, which had to stop their paper production machines due to the IT issues.
An attacker who successfully exploits the vulnerability could access employees' emails, contacts and appointments as well as extract data. Additionally, the servers can also be misused to mine cryptocurrencies and introduce encryption Trojans.
“Anyone who does not react immediately in the face of such a serious, heavily exploited and well-documented vulnerability is acting negligently," says Nicolas Mayencourt, CEO of Dreamlab Technologies and Programme Manager of the Swiss Cyber Security Days.
Even foreign partners have reached out to the Swiss National Cyber Security Centre (NCSC) regarding the unsecured Exchange servers. "Obviously, our international colleagues believe that Switzerland is not taking its responsibility seriously enough. And they aren’t wrong: in this country, cyberrisks are indeed handled far too carelessly.”
A rating by the International Telecommunication Union, proves Nick’s point: Switzerland stands at the 42nd place in the Global Cybersecurity Index (GI), a measure of each nation states' level of cybersecurity development; ranking behind countries such as Serbia, Azerbaijan and Cyprus. All neighbouring countries are far ahead of Switzerland in last year’s ranking, slipping five positions since the rating published two years ago.
Read the full article (in German): https://www.derbund.ch/bund-mahnt-firmen-wegen-cyberluecke-114849412847