Challenges of the Swiss cyber dimension

The digital transformation is a process of change that is permanently altering the economy, society and politics. In this process, also known as the fourth industrial revolution, our dependence on IT and the Internet is increasing. The cyber dimension permeates all physical dimensions, creating cyber-physical systems through which our lives are increasingly dominated, operated and controlled by computers. In addition to dependency, the risks of attacks on the IT infrastructure and the theft and loss of data are also increasing.

The various major Swiss studies conducted by the FHNW School of Business impressively show the state of the digital transformation in Switzerland. For several years, lack of time, lack of knowledge and lack of trained employees have been described as major barriers to transformation; cyber and data security are among the greatest risks. In the study on the transformation of the world of work in Swiss companies published shortly before Covid-19, workplace monitoring by employers and states was also newly cited as a risk (by one-third of respondents).

Covid-19 and the home office

Together with various research partners, representative SME studies were conducted in 2020 to analyze the state of the home office and cybersecurity between the first and second Covid19 waves.

In the context of workplace transformation, the term blended working (a work environment in which diverse forms of work and workplaces are provided) is often discussed, which also includes home office. In the first lockdown resulting from Covid-19 in March/April 2020, the number of employees who worked from home nearly quadrupled. Since then (prior to the second wave), home office has become more established and usage has increased by over half (by 60% from 10% to 16%) compared to before the first lockdown. In terms of the communication tools used, e-mail continues to dominate (at 84% of SMEs), followed by telephone, WhatsApp and other messenger services, and online conference tools.

Interestingly, more than half of the companies use messenger services and just under half use online conferencing tools such as Google Meet, Skype, Teams or Zoom. This means that company data often ends up abroad or is hosted by foreign services. This opens up further risks for attacks and data loss. One third (29%) of Swiss SMEs expect even more employees to work from home in the future. This means that cybersecurity will also come increasingly into focus:

Here, two-thirds of Swiss SMEs consider the topic important or very important. The larger the company, the higher the importance of cyber security. A study by Dreamlab Technologies was presented at the Swiss Cyber Security Days 2021, showing the sharp increase in global command-and-control (C2) infrastructures during the pandemic. These C2 systems are used to provoke the opening or calling of a website, for example, with phishing emails. Malware (Trojan horses) is then introduced via the C2 infrastructure and the computers are thus spied on and controlled.

Cybersecurity and SMEs

The 2020 study shows that a quarter of Swiss SMEs have already been the victim of a cyberattack, the remediation of which involved considerable effort. Of these, one-third saw financial damage and one-tenth each saw reputational damage or loss of customer data. In contrast, there is still a lack of awareness among companies of becoming victims of a cyber attack themselves: Only just 11% rate the risk of being put out of action for a day by a cyber attack as high. According to the study results, the most important technical measures for increasing cyber security are regular data backups, the use of antivirus programs, regular software updates and the use of firewalls. However, there is still a lot of need for action in terms of organizational measures: Only slightly more than one-third of SMEs regularly train their employees, only one-fifth conduct IT security audits and only one-sixth of SMEs have taken out cyber insurance.

The Swiss Cyberspace

In the third execution of the Swiss Cyber Security Days, the latest figures on the state of the nation, the Swiss cyber space, were presented. The Swiss cyber radar system CyObs analyzed the external or publicly accessible IT infrastructure with over 20 million IP addresses and 2.3 million .ch domains. The study identified over 100,000 published and known vulnerabilities.

These include, for example:
- 2900 vulnerabilities in email server software (exim_rce)
- 2400 directly addressable Windows systems no longer supported (EOL)
- 837 vulnerable FortiOS installations
- 400 directly responsive and vulnerable iLO control systems
- 322 administrative control systems infected with Bluekeep
- 197 publicly accessible unprotected databases
- 118 networks which could be attacked with Eternalblue

The various studies show that the topics of digitalization, home office and cyber security have gained in importance in the Covid-19 environment and that Switzerland still has a lot to do. It is time to perceive the cyber dimension not only as a risk but also as a competitive advantage for business, society and politics and to invest accordingly.