Cyberattack: finding the right partner to defend yourself

But what is law enforcement doing about cybersecurity? What are our law enforcement agencies and authorities doing to protect us, as cyber attacks multiply and the general public discovers the extent of the phenomenon? Absolutely no one is safe anymore and the recent attack, which affected private health data in Neuchâtel's medical practices, has struck people's minds.

The answer to this question was given at the last "Swiss Cyber Security Days", which took place in early April in Fribourg. And it is simple: do not count on the Confederation to replace the responsibility of the cantons, SMEs and private individuals. Everyone is responsible for their own safety.

Does 117 respond in case of a cyber attack?
To take a concrete parallel, in the physical world, protecting oneself from thieves, by locking one's apartment, by reinforcing one's security system, by putting a lock or a camera if necessary, is an individual matter. Everyone, private individual, SME, administration or association must get organized. Everyone must find the best way to ensure their cyber security. On the other hand, in the event of a burglary, in real life, the victims call the police, who respond. But who do we contact in case of a cyber attack? That's the priority question, and one that needs to be thought about now, to avoid serial trouble. Does 117 respond in case of a cyber attack?

Everyone has to organize themselves without relying on the state
The federal government has set up several strong competence centers to fight cybercrime and cyberthreats. Ueli Maurer's finance department, which was present at the Swiss Cyber Security Days in Fribourg, is the head of the National Center for Cyber Security (NCSC). On the military side, the army has been working for some years now on the creation of a cyber command, which will be operational in 2024, and a first battalion of specialists has been created. It is important to note that the primary concern of these military organizations will be to protect the infrastructure of the DDPS and will not be available to meet civilian needs as a priority. In addition, several cantons, such as Geneva and Jura, have increased their number of officers dedicated to cybercrime or have set up ad hoc structures. Fribourg has appointed a digital security commissioner.

This is certainly a good step forward. The public authorities are therefore in the process of organizing themselves. But it is to be assumed that these few additional staff will not be enough to keep up with the growing flow of requests. The 117 of the digital world is likely to be "busy" for some time to come.

One in four SMEs in Switzerland has already been attacked
But what about SMEs, the most frequent victims of hacking? The number of intrusion attempts recorded by Swiss companies has jumped by 65% compared to 2020, according to figures published in Le Temps by the Californian IT security specialist Check Point Software. According to recent market research, one in four SMEs in Switzerland has already been attacked, sometimes with fatal consequences. Ransomware attacks have increased the most. Hackers who have encrypted computer systems return the data in exchange for a ransom, which can amount to several hundred thousand francs.

Small and medium-sized businesses are the main target of data thieves. In response, companies such as ELCA have expanded their offer. They offer support for the entire chain, from anticipation to the restoration of systems, including protection and defense.

So what should we do? Defending yourself means having a reliable partner
SMEs do not have the same resources, in terms of finance or personnel, as large companies. However, they also possess sensitive data on their customers, suppliers and employees or strategic documents, which are of interest to the competition. The dangers of destabilization, linked to cyber attacks, are therefore very great.

So what can be done? It is not enough to install an antivirus, firewall, backup, encryption, etc.. It is also necessary to set up complete protection processes. All this requires investments and reliable partners, usually external, because most SMEs do not have their own teams dedicated to cyber security. This is understandable as these specialists are rare and maintaining their skills is expensive.

The difficulty lies in finding the right approach and the right partners. Visitors to a conference such as the Swiss Cyber Security Days will realize how difficult it is to make a choice, given the number of specialized providers. But which one to choose?

An understanding of this complex ecosystem
This partner must have a clear understanding of this complex ecosystem, of the threats and possible responses, on the whole value chain of the company. It is essential to take the time to choose a trustworthy, local partner who will serve as a coordinator for other specialists.

How can we help?

The ELCA Group, for example, with more than 50 years of experience in the implementation of complex systems, is today able to deploy the entire range of this virtuous chain, from anticipation to the restoration of systems rendered defective following an attack. With a sufficient number of specialists, the Group is able to respond at a moment's notice to requests from companies in difficulty.

I might as well say it right away, this has a cost, which is worth it, because a properly protected SME is no longer profitable for a hacker. It is therefore essential that everyone takes cybersecurity seriously so as not to increase the list of victims.