On the state of cyber security in Switzerland

7 April 2022.

We only hear about cyberattacks in Switzerland sporadically. Can you give a more precise figure of how big the problem is in this country?

With the increase of digitalisation and the advances of ubiquitous computing, cyberattacks are also increasing considerably. Companies and organisations are often targets of cyberattacks. Concrete and accurate figures are rather hard to get, since companies are often reluctant to report them.

In general (besides from the war) we can say that the number of attacks in Switzerland are rising – in 2021, we had twice as many reported attacks (21’700) than in 2020 (10’800) – but this makes sense due to digitization.

In a questionnaire – 1/3 of Swiss KMU’s (small and medium sized enterprises) said they had been attacked in 2021. Of these 1/4 experienced financial damage due to the attack. At the moment, we do not have more attacks in/towards Switzerland due to the war. The activity seems to concentrate in the region Ukraine-Russia – and the attacks are basically towards these countries. The question is what will happen when the “hackers” are running out of/need money – then they might start attacking other countries, e.g., also Switzerland.

What kind of attacks are we talking about in particular and which areas are mainly affected?

Most cases of reported attacks in Switzerland are related to: Fraud, Phishing, and Spam. For instance, CEO frauds and fake support calls were reported often in the first half of 2021. Another threat are investment fraudsters that are trying to lure people to invest in cryptocurrencies with promises of enormous profits. It is also quite concerning that in general 20 percent of people are clicking on links in a “phishing” attack that could be used to collect sensitive information e.g. passwords, credit card information etc. In 2021 there has been an almost fivefold increase of phishing attacks in Switzerland compared to 2020; mainly due to the higher number of reports of emails and text messages with bogus parcel notifications.

Another important type of attacks is malware, with some involving encryption software (ransomware). Ransomware is a form of malware that encrypts the victim’s files. The attacker demands a ransom from the victim in order to restore access to the data upon payment (ranging from a few hundred CHF to six-digit figures).

Ransomware now ranks first in the list of the most frequent cyber security incidents. One of the reasons why ransomware attacks have risen so much is because cyberattackers are increasingly viewing it as the simplest way of making money. Once a ransomware has been created, it can be used to infect many targets. These ransomware demands commonly reach six-figure sums and, since the transfer is made in bitcoin, it is rather easy for the attackers to launder it without being disclosed. Ransomware attacks are often successful because organisations pay for the ransom demanded, considering that it is the quickest and easiest way to restore the functionality of their network, although authorities warn never to give into the demands of extortionists.

What is the situation regarding the investigation of cybercrimes?

Cyberattacks are becoming an increasing concern for the security and economy of Switzerland. Every day attacks are been performed against companies, organisations and authorities in Switzerland. On average the National Cybersecurity Centre (NCSC) of Switzerland receives more than 300 reports regarding successful or attempted cyberattacks every week. However, we need to highlight that these reports are submitted only voluntarily basis thus the dark numbers of cyberattacks might be much higher. This implies that often many attacks are not reported mainly since companies are often reluctant to report them due to the impact these attacks may have on their image. For this reason, the Federal Council in an attempt to strengthen the reporting system since January 2022 by obliging the operators of critical infrastructures to report cyberattacks to the NCSC in order to get a clearer picture of the current situation. However, we need to note that currently the obligation for reporting attacks is only limited to operators of critical infrastructure and not yet for other companies.

How does Switzerland compare internationally in terms of defending itself against such attacks?

In general, many Swiss companies and institutions are on top of cybersecurity, implementing measures and staying fit – but others have the false hope or opinion that they cannot and will not be a victim of an attack. Thus, it is important to strengthen the importance of cybersecurity in the management of these companies to prevent successful attacks. Awareness and education is one of the main defences we have against cyberattacks. With the master program in Computer Science at HSG we are active in contributing in education and awareness for cybersecurity. That is very important and will be very rewarding for Switzerland in the long-term.

Where do you see the most urgent need for action in this country?

Attackers generally prefer rich targets, and frequently the ransom demanded is rather high and may reach six-digit figures. That said, it is important to safeguard organisations and critical infrastructure that could be targeted by attackers. For instance, it is known is that during covid time hospitals were already on the target lists of cybercriminals and were particularly affected by ransomware. The pandemic has resulted in a significant increase of cyberattacks against hospitals, healthcare, and medical research facilities as well as on medical personnel and international public health organisations.

Furthermore, an important concern is that cyberattacks may damage the reputation of the Swiss financial centre or could create a financial crisis is one important concern. What is rather encouraging is that recently (5th of April 2022), the Swiss Financial Sector Cybersecurity Centre (Swiss FS-CSC) was founded in Zurich, which aims to increase the cyber resilience of the Swiss financial centre and strengthen the cooperation between financial institutions and authorities in the fight against cyberthreats. The Swiss FS-CSC will facilitate the exchange of information between financial market players and improve the cooperation regarding management of cyber threats and adopting preventive measures. Members of the FS-CSC include more than 80 banks, associations and insurance companies. Initiatives such as that can prepare Switzerland for major incidents in the future.

Prof. Dr. Katerina Mitrokotsa is full professor for Cyber Security in the School of Computer Science at the University of St.Gallen.

Image: Unsplash / Philipp Katzenberger