Compared to 2019, the security industry grew by a good 13 million Swiss francs. Nevertheless, there were again a few downsides in 2020.
Editorial - 14 May 2021
The security industry confirms the three-quarter-billion mark despite the Corona crisis. As the industry statistics for 2020, a survey conducted by the association SES (Swiss Installers of Security Systems), show, the upswing is continuing despite Covid-19-related influences. Compared to 2019, the industry was able to increase by a further 13 million. This growth of almost two percent is particularly impressive in the current difficult market environment.
Nevertheless, there were again a few downsides in 2020. It is noticeable that the Security section (EMA, VS, AC) again closed with negative signs in all areas. Price erosion on the one hand and, on the other, the centralization and consolidation of bank branches, for example, contributed to the renewed decline. Fortunately, the Fire section (BMA, NLA, TLA, GWA, SAA) was able to follow the upward trend that has been ongoing since 2017 and recorded an overall increase of over four percent.
Source: SES
Conflicting goals in occupational safety
Anyone dealing with occupational safety issues repeatedly encounters situations that apparently cannot be managed at all without compromise. These situations arise from sometimes more, sometimes less obvious conflicts of objectives. So do compromises really need to be made?
There is a fire. Everyone has to get out, but no one is allowed in. Only the fire department is allowed in. Anyone who goes out should not be able to steal data and goods. And even when extinguishing the fire, caution is required - what if you destroy a centuries-old treasure in the process? There are several such conflicting goals in security. That's why security officers must always think and proceed pragmatically.
Burglary protection vs. escape routes and emergency exits
A classic example of such conflicting goals is the pairing of burglary protection and escape routes. An escape route should always lead unhindered to a safe area and save people's lives in an emergency. Fortunately, such emergencies are rather rare. In very many companies, escape routes are therefore misused as temporary storage for fire loads and are blocked when they would be needed. The emergency exits, which must be freely accessible from the inside to the outside and also vice versa for the fire department as an escape route, are blocked by parked vehicles or are often even locked.
The danger and the fear of a burglary are omnipresent. Anyone who has already been affected by a burglary takes the matter even more seriously. In a detailed review of the incident, the windows, among other things, are fitted with massive iron grilles. However, this changes the overall concept. When fleeing people find escape routes blocked or cut off by heavy smoke, they try to get out of the building through the windows - in these cases, unfortunately, unsuccessfully.
Access control vs. intervention
It goes without saying that sensitive company areas require access control. Unwelcome visitors have no access here. However, the fire department or rescue service are very welcome in an emergency. So these company areas must also be accessible for intervention. But is security then still a given? Well-secured front doors, window grilles or safety glass can be dangerous, especially in combination with a concept that has not been discussed with professionals. Quick access without a key becomes much more difficult. Therefore, key tubes for intervention forces should also be installed to ensure access. And of course, the intervention forces must know these key tubes, so they must be instructed.
Evacuation vs. theft protection
Questions also arise about an evacuation of the building: Who may and should trigger this? Getting the affected people to safety is, of course, the absolute priority. So it would make sense if anyone who recognizes an incident can trigger the evacuation alarm. But is it always mandatory to evacuate the building, or could this even be abused to get out of the building unhindered and undetected with stolen data or goods? So what is more important, the safety of employees and guests or the protection against theft?
Occupational safety vs. investments
Especially in occupational safety, financial resources are often an issue. The lack of them, or quite simply the disproportionalities that inevitably arise here and there, must nevertheless not be circumvented. Of course it is disproportionate to purchase an elevating work platform in order to be able to change the bulb of one lamp twice a year. Of course, it is not proportionate to buy a forklift in order to be able to accept a brochure delivery every second year.
In many cases, however, after a close look at the processes and concrete planning, there is even the possibility of saving many financial resources and thus making them available for other things. Often a higher efficiency can be achieved, also with concrete communication. Indeed, the supplier of the brochures can be informed about what equipment is available or how to deliver the brochures so that their unloading does not pose a danger. And, by the way, there are working platforms for rent. Even if the organization of such things is often lost under time pressure, it is very useful. Of course, dealing with working platforms also requires explicit training and instruction, which can further drag out the problem solving.
Ergonomics vs. fire protection
In some companies, the concepts and thus the flows of people and the organization of work change when there is a change of ownership. This often happens when the first user moves into a new building. The building is simply not built for the use for which it is then needed. Emergency exits and escape routes no longer correspond to the original idea, fire doors are kept open with wooden wedges so that employees can pass through unhindered.
But in the event of a fire, a fire door must be closed. There are retention magnets for fire doors that make this possible and keep the door open during the day, but close it automatically in the event of a fire. However, these retaining magnets must be connected to the fire alarm system for this to work - and this fire alarm system must in turn be checked regularly according to the manufacturer's specifications, usually annually.
Fire protection vs. monument protection
If a fire breaks out in a museum, for example, you cannot simply use massive amounts of extinguishing liquid. Let's take the Abbey Library of the St. Gallen Monastery: In the event of a fire there, it is very important to protect the stored values. You can successfully extinguish fires with a sprinkler system, but the books may end up just as destroyed as if they had burned. What should be prioritized now?
Innovation vs. safety and rescue concept
Let's take the example of gastronomy: more and more often, restaurants have to come up with very special offers to attract guests. Innovative as they are, restaurants with a special clientele from certain regions of the world often rely on cooks, assistants and menus from these regions in the kitchen. This often means completely different cultures and also a completely different approach to safety. A simple training course will then by no means bring about the desired effect. So you have to do even more checks and improvements, which costs a lot of time and money.
Another innovative idea is adventure gastronomy. Today, there are overnight accommodations in igloos, in straw or on the mountain, often far away from infrastructures, only accessible on foot or by cable car. This makes a rescue concept quite difficult. If someone suffers a heart attack there and the cable car is not running because a storm is coming up, it takes a very long time for the rescue service to arrive on the scene - far too long. So there would need to be paramedics or at least trained first responders on site.
Conclusion
Safety does not really know any compromises. If you neglect safety at one point in order to make compromises, you are basically prepared to endanger human lives or accept monetary damage to the company. Nevertheless, due to the formulated conflicts of objectives, only pragmatic solutions are really successful. The first priority must always be the integrity of the human being. Facilities that require special attention must not be assessed only by an expert from one field.
They require overall concepts developed by experts from the fields of occupational safety, fire protection, emergency management, intrusion protection, access control and intervention. The hazards must be identified and analyzed. In addition, target-oriented measures must be implemented, for example according to the STOP principle (substitution, technical, organizational and personal measures). But how? Close cooperation with the authorities is often indispensable, especially in the case of larger infrastructures. And the realization applies: with professional planning, (consequential) costs of incidents, accidents or even fatalities can be prevented. Safety means saving lives, preventing tragedies and securing economic success.
"Team splitting was initially considered a dirty word".
The pandemic wave has led to many tasks being handled differently than before as a result of team splitting. But does this also create a new awareness? A crisis manager gives an assessment of what lessons individual companies have already learned from the crisis.
Ms. Eger, the first wave of the pandemic posed enormous challenges for companies worldwide. Since then, personnel resources have changed significantly in many companies. Was it possible to take advantage of a learning curve at all? There were practically no breathers.
Almut Eger, Emergency and Crisis Management, Management 4m2s: Yes, I've noticed a very steep learning curve in many companies: The initial lack of understanding of a completely new situation has in many cases developed into a good level of self-confidence in how one's own company can be managed. The processes are familiar, and the changed working conditions are well established. This does not mean that many people are not scratching the edge of overload or have exceeded it. The decision-makers and people involved in managing the extraordinary activities have done an incredible job, and I hope that everyone was able to use the 2020 holidays to recharge their batteries. Because this extraordinary situation will accompany us for a while and will continue to demand a lot from us ...
Has it now become clear who has implemented a functioning BCM and who has not?
Yes, that was very significant - in all industries and company sizes. The main thing here is to have a view of the really priority things, so that a company can get through even a long lean period. And that includes knowing how these priorities can be influenced, internally and externally. And questions arise: How, for example, is it recognized whether and why other issues are now priorities - different from what was previously thought? How can it be quickly recognized when external influences shift priorities - and should it be reacted to, yes or no? And if yes: how? A small but important everyday example of this is the newly very high proportion of digital communication: this type of communication requires much more time to understand and coordinate. At the beginning, this led to a lot of friction loss, "sand in the gears." Processes and workflows had to be changed to compensate for this loss of time.
When and for which industries were BCM strategies last revised?
All that was "eh da" before now had to be specifically organized. Those who were aware of this suffered much less friction losses. In all personnel-intensive companies, respectively in the "office jobs," there was very targeted reflection on the working conditions under which the most positive performance possible could be achieved. For example, it was recognized that home office depends not only on the workplace, but also on ICT accessibility, from bandwidth to compliant transmissions to data protection. Take digital signatures, for example: What infrastructure do I need to provide that signature? The whole document flow had to change as a result, and quickly. Because the lack of signatures has led to compliance problems in many places. What's more, something that previously took just a few minutes to do now takes many times that. For example, meetings during construction phases in project management suddenly required an incredible amount of additional coordination.
How have company processes in general changed in crisis management since the first lockdown? A year ago, you mentioned a required team splitting and a clear list of priorities.
Team splitting was considered a dirty word a year ago at the start of the pandemic. Today, it's a universally recognized code word for keeping up a performance. Staying at work, even when slightly ill, and doing things from home where possible, was equally a hotly contested issue. Today, this is once again a matter of course, as it was the years before.
To even entertain the thought that employees in quarantine can and "will" continue to work and that this is an advantage: this thought was still completely abstruse in March. However, most entrepreneurs have now realized this and have to resort to it. Many employees would rather go into quarantine and continue working more efficiently instead of staying in the office.
But you still had to learn how to deal with such processes. Has the home office now become so well established?
Home offices and video conferences cannot replace face-to-face collaboration in the long term. But they can be used in a targeted manner. One customer said, "This is like a long training camp - we now get it and can use it. Can we please stop the training now and get back to business as usual?" No, of course we can't. Because we are now living in the new agenda. That means: we now have to specifically incorporate the achievements of the last few months into the new ways of working and the new ways of supporting and supplying each other. In this respect, priorities have partly shifted, and partly simply supplemented each other. The current crisis requires a great deal of perseverance in a crisis management situation.
You can read the full interview in the print edition of SicherheitsForum from March 3, 2021.
Transplantations: Federal Council wants to increase safety
At a meeting on May 12, 2021, the Federal Council initiated a consultation on the partial revision of the Transplantation Act. The draft provides for strengthening data protection and the safety of organ, tissue and cell transplants.
Editorial - 14 May 2021
A federal government bill aims to increase the safety of transplants by means of a so-called vigilance system. With the revision of the law, serious incidents and adverse reactions must also be reported to specially designated vigilance centers. In doing so, the Federal Council wishes to close a gap and establish a monitoring system that is equivalent to systems in other areas, such as medicinal products or medical devices.
In addition, electronic systems that contain particularly sensitive personal data are now regulated by law and no longer at ordinance level, as required by the Data Protection Act. This affects, for example, the waiting lists of organ recipients and the registers of people who are willing to donate blood stem cells.
Source: the Federal Council
Frag Attacks: Vulnerability affects all WLAN devices
The German Federal Office for Information Security (BSI) has disclosed a vulnerability in public WLAN routers. The vulnerability is rooted in the design of the WLAN and therefore affects numerous WLAN devices.
Editorial - 13 May 2021
The German Federal Office for Information Security has reported a vulnerability in all public WLAN routers. The vulnerability in question is called "Frag Attacks" ("fragmentation and aggregation attacks"). Smartphones, tablets and smart home devices are also affected.
However, the vulnerability can only be exploited locally and in the vicinity of an access point. Affected users should check for updates for each existing WLAN device on the manufacturer's websites. If no updates are available, the risk of exploitation of some vulnerabilities can be reduced by using HTTPS. The gap should therefore be less serious for private users. However, the BSI is particularly alerting business enterprises, since certain environments could easily be spied on through the Frag Attacks vulnerability.
The full security warning is available from the BSI as a PDF.
A corresponding tool from the BSI for tracking down affected devices is available for download.
Source: BSI
First NCSC Semiannual Report with a Focus on Healthcare
The first semi-annual report of the NCSC addresses the most important cyber incidents of the second half of 2020 in Switzerland and internationally. The main topic is digitalization in healthcare and its challenges in current cyber threats.
Editorial - 11 May 2021
Digitization is also advancing inexorably in the healthcare sector. Globalized supply chains, computer-controlled logistics or electronic patient dossiers confirm this. But increasing digitization also offers potential attack surfaces for cybercriminals. Successful attacks in healthcare have far-reaching consequences. A data leak can affect particularly sensitive personal data. In addition, functional failures of IT systems or even temporary unavailability of data can endanger people's health or even their lives. The semi-annual report highlights current cases and the necessary protective measures.
Ransomware holds the greatest potential for damage
Incidents with encryption Trojans (ransomware) are among the events with the greatest potential for damage, because operational downtime and recovery cause great costs and, in the worst case, lead to a complete loss of data. Attackers demand high ransoms for the prospective decryption of data. In the second half of 2020, the NCSC received 34 reports on this from various business sectors in Switzerland. Around 80 percent of the reports concerned small and medium-sized enterprises (SMEs).
Another piece of malware made headlines worldwide last year. After a break of several months, the NCSC again observed various spam waves of the "Emotet" malware from July 2020 onward. Originally known as an e-banking Trojan, "Emotet" was most recently used primarily for sending spam and for loading further malware. Then, on January 27, 2021, Europol announced that the "Emotet botnet" had been deactivated by a coordinated effort of international law enforcement and judicial authorities. The semi-annual report provides insight into how "Emotet" works.
The "Comirnaty" vaccine has so far been approved for people aged 16 and over. An application from the federal government provides for the authorization to be extended to the age group of 12 to 15-year-olds. Swissmedic will examine the application in a rolling procedure.
Editorial - 11 May 2021
The duration of the rolling assessment depends on the completeness of the data submitted and the results of the clinical trials. Swissmedic will be able to make a decision on approval once the assessment has been completed. Pfizer/BioNTech also submitted corresponding applications to the EMA (European Medicines Agency) and the FDA (US Food and Drug Administration) last week.
Swissmedic grants Novartis operating license to fill the Comirnaty vaccine
Companies that manufacture or supply medicinal products or transplant products in Switzerland require an establishment license. Swissmedic issues these licenses on the basis of a successful inspection, among other things. An establishment license proves that the company has the necessary resources and processes in place to ensure the quality of the products and to monitor them on an ongoing basis. At the end of April, Swissmedic granted Novartis an establishment license for the Stein production site (Canton of Aargau) for the filling and packaging of the "Comirnaty" vaccine on behalf of the marketing authorization holder.
Source: Swissmedic, Swiss Agency for Therapeutic Products
First bug bounty program in the federal administration
The federal administration and Bug Bounty Switzerland launched a joint cybersecurity project on May 10, 2021. Led by the National Cyber Security Center (NCSC), the two-week test is designed to gather initial experience with Bug Bounty programs.
According to a statement, the federal administration wants to take advantage of the opportunities offered by bug bounty programs, clarifying the extent to which they can make a strategic contribution to the security of infrastructures at administrations and companies.
To this end, the National Cyber Security Center (NCSC), together with Bug Bounty Switzerland GmbH (BBS), is conducting a corresponding pilot project in the federal administration for the first time. The test began on May 10, 2021 and will last two weeks. As part of Bug Bounty programs, "ethical hackers" - hackers who legally search for vulnerabilities within a defined framework - are called upon to detect vulnerabilities in an organization's IT systems. For each vulnerability (bug) found and confirmed, the successful hacker receives a reward (bounty), graded according to the severity of the vulnerability found.
The federal government's pilot project is clearly limited in scope. Two IT systems of the Federal Department of Foreign Affairs (FDFA) and one of the parliamentary services were selected as targets. In addition, the circle of bug bounty hunters in this first test is limited to ethical hackers who are known to BBS or the NCSC and have already proven themselves in other projects.
Since the federal administration - as well as other regulated industries - has strict data protection requirements and demands a data location in Switzerland, BBS has developed its own Bug Bounty platform in recent months with technical assistance from Microsoft Switzerland, which is operated entirely in Switzerland. This platform is based on state-of-the-art cloud technologies and meets the needs of federal and other regulated industries such as critical infrastructure.
The implementation of the Bug Bounty program is the responsibility of BBS, but it will be closely monitored by the NCSC and representatives of the FDFA and Parliamentary Services. The test is intended to provide the basis for a discussion on the further procedure for the use of bug bounty programs.
Source: Federal Department of Finance
Federal Office for Information Technology creates Covid certificate by the end of June
By the end of June, the Federal Office for Information Technology is to provide a forgery-proof Covid certificate. This is to be made available for vaccinated, recovered and negatively tested persons.
Editorial - May 7, 2021
By the end of June, the Federal Office of Informatics is now to provide a forgery-proof Covid certificate for vaccinated, recovered and negatively tested persons. The procedure was initiated by the Federal Office of Public Health (FOPH). The solution is to be EU-compatible and limited to the technical minimum, according to a statement from the FOPH. The source code will be disclosed.
The professional association of Swiss doctors (FMH) and the Swiss pharmacists' association Pharmasuisse will be involved in the project.
The FOPH (BAG) writes about the requirements:
The certificate must be user-friendly and easy to issue and quickly check, both in paper form and on a smartphone. Data security must be ensured. The personal data will not be stored centrally. Compatibility with the EU's "Digital Green Certificate" will be ensured. Switzerland is also cooperating in the World Health Organization (WHO) project for an internationally recognized certificate ("Smart Vaccination Certificate").
For the technical implementation, the FOPH has been examining technical solutions for the last two weeks. In the first phase, 52 projects have been submitted.
Source: BAG
Curious bug in Windows Defender clutters up system
A bug in Windows Defender is apparently causing the system to become downright cluttered for many users. The bug creates thousands of files.
According to the online magazine "Bleeping Computer", there have been an increasing number of reports in the last few days from desperate Windows 10 users complaining about an annoying bug. This bug is said to generate thousands of files in Windows Defender and literally overwhelm the system memory. Microsoft has not yet commented on the problem, but promises a quick remedy.
In a Reddit thread, a user has already been informed by Microsoft that Redmond is aware of the problem and is working on a hotfix. The update has been distributed in normal release cycles since May 6 and should now be available to most users.
The solution is said to be to update Windows Defender or to temporarily disable real-time protection until an update is possible. Systems with engine version 18100.5 are affected.
Source: Winfuture.com
Cybersecurity: How SMEs can protect themselves
The increasing dependence on IT systems and the lack of protective measures make SMEs an attractive target for cyber attacks. A quarter of Swiss SMEs with a maximum of 49 employees have already fallen victim to a cyberattack.
Nicole Wettstein, Program Manager Cybersecurity, SATW, Vice President Committee Cybersecurity, Digitalswitzerland - May 6, 2021
Many SMEs assume they are not an attractive target for cyberattacks. Only eleven percent of Swiss SMEs see themselves as potential victims of an attack that puts their business out of action for at least one day (gfs-zürich, 2020).
Outdated operating systems
There are numerous security holes that an attacker can use to gain access to a corporate network. One example is ransomware attacks - a specific type of malware - which are particularly successful with outdated software and hardware. Manufacturers of software and hardware use patches and updates to close subsequently identified vulnerabilities that can be exploited for an attack. In the case of outdated products, such updates and patches are no longer available, so that gaps can no longer be closed. In a ransomware attack, attackers exploit existing vulnerabilities in their victim's operating systems and encrypt or steal the data to demand a ransom payment for decrypting the data or for not disclosing the previously stolen data. Especially in times of home offices, the mixing of private and professional networks becomes a problem when security gaps exist. This is because many employees use the often less secure private networks when they work from home. Attackers could thus gain access to the company systems and misappropriate data.
Supply Chain Security
Another security gap that receives too little attention among SMEs today is the role of the supply chain in the company. Many SMEs rely on a number of suppliers and service providers to maintain their business. On the one hand, there is the possibility that the purchased products already contain vulnerabilities - so-called backdoors, for example. On the other hand, an attacker can use a poorly protected supplier to gain access to the customer company's network and compromise it. A data protection breach that occurs at a supplier also affects the customer company. The WLAN can represent a security gap in a company and be used as a gateway for malware or hacker attacks. It is therefore fundamental that companies encrypt their WLAN with a secure standard and use a separate WLAN for guests. Employees should not use a public WLAN, as this is susceptible to attacks and, in the worst case, company data can be siphoned off.
Man as a risk factor
Often, the cause of a successful attack or data loss is not a lack of technical measures. The intrusion into the systems is often only made possible by employees. People are therefore still the number one entry point for cyber attacks. In phishing e-mails - one of the most common types of social engineering - criminals try to obtain login data or credit card information from their victims using professionally designed e-mails. The attackers often use publicly available information about these persons, so that the e-mails appear personal and reputable. In phishing, the victim is redirected by means of a click to a fake website where sensitive information is requested. Sometimes, the data is also obtained directly through the attacker's trustworthy-looking e-mail. It is also possible that the mail recipient installs malware by opening a file.
How SMEs can protect themselves
The first step to improved cybersecurity for any company is risk awareness of cyberattacks. Cybersecurity must be addressed at management level. Employees should be made aware of the dangers in the network with regular internal training and thus sensitized to the topic. To increase their cyber security, around half of SMEs are already working with an external service provider.
The smaller the SME, the more likely the measures will be implemented without external support (gfs-zürich, 2020). Together with the federal government and associations, Digitalswitzerland and SATW, as part of the National Strategy to Protect Switzerland from Cyber Risks (NCS), have developed a quick test and a guide. These tools are primarily aimed at SMEs with little knowledge in the area of cybersecurity and allow them and external service providers to determine where they stand. They also show which are the most important measures for a minimum basic cybersecurity protection. The following compilation shows a selection of the most important protective measures.
Be prepared for an emergency
In the event of a cyber incident, proper preparation is central and determines whether and how quickly an SME can resume operations. A quick and adequate response can decisively reduce or even avoid damage. To this end, it is important that SMEs align their organization to these threats and define appropriate processes: Examples include regularly backing up the company's data, storing it physically separate from the systems, and checking that the data can be restored and read.
It is also recommended that an emergency plan be drawn up and that access rights be assigned selectively. Since the human factor is so important in cyber attacks, it is important that employees are aware of the current dangers, know how to handle the technical means and comply with the most important rules. SMEs should therefore anchor the sensitization of employees in everyday company life.
Likewise, for the best possible protection, it is recommended to use secure and different passwords for different applications, to use a password manager, and to use two-factor authentication for critical services. On the technical side, an up-to-date firewall helps to protect the computer from unauthorized access. Updated antivirus software keeps viruses, worms and Trojans off the system. Old devices for which software updates are no longer available should not be connected to the Internet. When working with suppliers or service providers, it is important to ensure that partners comply with minimum cybersecurity measures. This is the only way an SME can minimize the risk of being affected by an attack on a partner.
Source: SATW
Aargau population gains access to the electronic patient dossier
Residents in the canton of Aargau can now open their personal electronic patient dossier (EPD). In Aargau, the EPD is called "emedo" and stands for "electronic medical dossier". The first place in Switzerland where they can do this: the main post office in Aarau. Other opening locations in the canton will follow in the course of 2021.
Editorial - May 6, 2021
The electronic patient dossier (EPD) is slowly gaining momentum. The EPD is an electronic medical record. It can be used, for example, to store hospital discharge reports, lists of medications, X-rays or vaccination certificates. Each person can decide for themselves which doctors have access to the information in the dossier. People from Aargau who wish to do so can now open their own patient dossier. It can be opened at the Aarau post office.
For the opening and the necessary electronic identity (trustID), the branch employees are carefully trained and specially certified. During validation and opening, the strict requirements of the Federal Electronic Patient Dossier Act (EPDG) on data protection and data security are to be observed. With Baden, the next branch in the service area of the parent community eHealth is already planned: In June 2021, it will begin operations as the second EPD opening branch. In 2021, the Rheinfelden and Muri (AG) branches will follow as further opening sites.
"The launch is a milestone for the Swiss healthcare system," says Nicolai Lütschg, Managing Director of Stammgemeinschaft eHealth Aargau.