Cyber attacks can hit anyone - even the most secure SME
No matter how modern the IT infrastructure of SMEs may be, if its protection is not ensured, it opens the door to cyber criminals. At GGA Maur's SME event, around 90 SME representatives learned from renowned experts such as Marc Henauer, Head of the Federal Reporting and Analysis Center for Information Assurance, and ETH Professor Jürg Leuthold, how they can deal with this and what is in store for them with the technological change.
On Friday, November 2, the communications company GGA Maur, together with ewz and Studerus AG, hosted an educational and networking event at the Kraftwerk in Zurich. Experts from business and science presented facts, trends and best practices on the topics of communication of the future and cybersecurity to over 90 participants.
Technological change offers more opportunities than problems
Jürg Leuthold made the start. With impressive facts and figures, the professor of photonics and communications at ETH Zurich showed how information technologies will develop in the future. "In 2000, we were satisfied with a transmission rate of 128 kbit/second. Today we need 1 Gbit/second, and by 2030 more than ten times that will be the standard." The use cases for new technologies are almost limitless - from customized clothing from 3D printers and numerous medical applications using machine learning to autonomous driving and cyborgs. "Information technologies will sustainably improve our standard of living. However, this requires the continuous expansion of the existing infrastructure," Leuthold said.
Physics is not a problem, that much is certain. According to the ETH professor, speeds of up to 1.01 petabytes per second can already be achieved in a single optical fiber in the laboratory today. Even with mobile data, the potential in terms of capacity is far from exhausted. Challenges in energy consumption, processor performance and optical components can be solved, Leuthold is certain. More difficult are the societal challenges arising from technological change - such as possible health hazards due to radiation, safety aspects and changes in the labor market and education system. "Technological change holds more opportunities than problems for us. But we must be prepared to adapt to the circumstances and realities. We won't contest the future with old ideas."
How much security is possible?
Marc Henauer from the Federal Reporting and Analysis Center for Information Assurance - MELANI for short - addressed cyber risks and challenges in his presentation. "Cyber risks arise from the use of IT to support processes and increase efficiency. They threaten every company regardless of industry or size." As information technologies become more important to businesses, the interconnectedness and value of access to information increases, according to Henauer. At the same time, this also increases the opportunity for fraud, espionage, extortion, sabotage and other cyber attacks. Henauer illustrated this with various examples, such as the WannaCry attack that crippled numerous computer systems worldwide in 2017. "Cybercriminals work in organized decentralized groups, continuously developing their methods and targeting their victims both virtually and physically. Complete protection is therefore impossible."
Henauer sees the solution for companies on another level. Cyber risks are only one part of a company's information security, because physical and personnel risks can also lead to corresponding attacks. "A technological solution makes sense as a security measure for IT. But for holistic information protection, companies need an overarching security approach that should be integrated into risk management at the executive level."
From the point of view of the opponent
Ivan Bütler, CEO of Compass Security AG, then offered a change of perspective. In December 2017, Bütler was able to successfully hack into the network of the energy supply company EBL in the canton of Baselland on behalf of SRF, despite the announcement, and switch off part of the Christmas lighting. "The Achilles' heel of the Internet is the people who fall for the hackers' stories and thus grant them access." This usually happens, for example, via a fake application on a USB stick or via a mail attachment. In the case of EBL, however, these approaches did not work, so Bütler relied on another trick.
A simple diversion at the EBL reception desk was enough to sneak a foreign technician into the company, who was able to install a malware program on the system undisturbed. "You shouldn't give out gifts - careless handling of email attachments, links or passwords is an invitation for hackers. A healthy measure of skepticism is appropriate," Bütler concludes.
Tips against cyber attacks
The topic of cybersecurity was rounded off by Hugo Bossard, CIO of Studerus AG. He explained how SMEs can deal with malware and presented specific firewall services from Studerus AG such as GeoIP or Content Filter for protection. According to Bossard, anti-virus and anti-spam services on the firewall are less effective.
In a second part, Bossard gave attendees five tips for ransomware prevention:
- As a solid first defense, SMBs should install a firewall.
- SMEs should make regular backups that are stored off-site and off-network and can be restored in an emergency.
- The operating system used should always be up to date on all computers used. Security updates reduce the opportunities for cybercriminals.
- Email attachments and unknown links should be handled with care and, if in doubt, should not be opened.
- An up-to-date anti-virus program belongs on every computer in the company.
More information: GGA Maur
