In the midst of the pandemic and rising geopolitical tensions, cyber attacks are on the rise, fueled by conflicts like the Ukraine war. The aftermath of the coordinated attacks in June 2023, targeting Geneva's airport, cities, and businesses, underscore the severity of the situation. These automated attacks are causing increasingly significant financial consequences, with worldwide predictions suggesting that losses could exceed 10 trillion Swiss francs by 2025. Swiss companies reported 34,000 cases in 2022 alone, with one-third of all SMEs experiencing the adverse effects.
In a recent interview with the State Secretariat for Economic Affairs (SECO), Nick Mayencourt discussed the challenges arising from this situation.
Why is Switzerland a target?
The country's pharmaceutical, electronic, and finance sectors makes it a prime target. Surprisingly, despite its role as a global financial center and a leader in commodities trading, Switzerland occupies the 42nd position in the Global Cyber Security Index of the International Telecommunication Union (ITU), behind Tanzania and Kazakhstan.
SMEs as prime targets
Cybercriminals are now redirecting their focus to less protected targets, particularly SMEs. One prevailing trend is the emergence of Ransomware-as-a-service (RaaS):
"RaaS toolkits are conveniently available for rent on the Dark Web, with 24/7 customer support, for just a few hundred francs."
Despite a growing awareness of the issue and significant incidents occurring across the nation, SMEs are still underestimating their vulnerability and failing to implement essential defense measures. The threat is compounded by over 400,000 new malware variants emerging daily. The aftermath of an attack involves days, or even weeks, of operational standstill, reputational damage, and breaches of customer data.
Encouragingly, even with limited resources, SMEs can fight back without incurring in substantial costs: routine software updates, robust firewall configurations, and employee training serve as effective barriers:
“Well-trained staff members serve as the most potent weapon in the battle against cybercrime.”
In addition to government-led cybersecurity efforts, Nick proposes the introduction of regulations that outline the behaviors, rights, and duties of SMEs, as well as the creation of incentive programs aimed at mitigating the costs required for setting up adequately secure information systems.