Doris Fiala's message in her welcome speech at this year's Swiss Cyber Security Days (SCSD) is straightforward: "We all bear responsibility." She emphasises that safeguarding against cyber threats requires collective effort to enhance cyber resilience. "By participating in the SCSD, you demonstrate that you are determined and ready to strengthen your cyber resilience," said the FDP National Councillor and President of the SCSD. Fiala underscored that this responsibility extends beyond individual and organisational resilience to encompass resilience at the national level.
Nick Mayencourt, founder and CEO of Dreamlab Technologies and Program Director of the event, reiterated this concept in a press conference: "It truly requires every single individual," he stated. Highlighting the interconnectedness of individuals and groups, he stressed, "To be resilient, our entire ecosystem must be resilient." Mayencourt explained that individual resilience depends on group resilience, and vice versa.
Mayencourt drew a comparison to a virus, stating, "If only I am resilient against a viral infection, it will not protect the space we are in here. Every chain is only as strong as its weakest link." In his speech, delivered alongside Prof Dr Marc Peter, Global COO at Dreamlab Technologies and lecturer at the University of Applied Sciences Northwestern Switzerland, Mayencourt demonstrated that Switzerland's metaphorical cybersecurity chain does not have just a few weak links.
Once again this year, the duo presented - as they have in previous editions of the SCSD - an analysis of Switzerland's threat landscape and its attack surface. They delved into questions such as what is actually connected to the internet in Switzerland and how susceptible it is to hacking. The findings are concerning. Reflecting on the evolution of the data, Peter remarked, "one could say that we are not doing our job well," in a somewhat joking yet serious manner.
According to the country-wide scan, Switzerland is accountable for approximately 28 million IP addresses, 3 million servers, and nearly 2 million domains. Throughout their investigation, they uncovered nearly 12.3 million open ports. However, even more concerning are the over 2.5 million vulnerabilities identified. These vulnerabilities are exclusively known security flaws. This means, on one hand, that there are measures available to close these gaps. On the other hand, exploiting them doesn't require expertise - the instructions and tools for doing so are readily available on the internet.
"Let me reiterate: These are only the publicly known and documented vulnerabilities," Mayencourt cautioned, suggesting there may be additional unknown vulnerabilities. “This list of vulnerabilities is like a menu for cyber criminals - but at the same time, it's also a to-do list for defenders. Many of these vulnerabilities could be mitigated through good cyber hygiene practices. So, patch your software," he advised. "It costs nothing and doesn't hurt."
The problem is not solely technical; it also has organisational implications. "We all recognise this as a problem, but we're falling short in our efforts," stated Mayencourt. "We must clearly define our responsibilities and uphold them," he emphasised. "We need to talk about digital rights, cyber peace, and product security." Concluding the presentation, Mayencourt urged action with the appeal, "Let's take action now."
Read the full article (German only): https://www.netzwoche.ch/news/2024-02-21/resilienz-eigenverantwortung-und-cyberkrieg-im-all-die-scsd-sind-zurueck
