What if cities united to defend against cyber attacks?
In terms of cyber attacks, the communes of Valais are very exposed. At the end of December, the Valais Minister of Institutions and Security, Frédéric Favre, made no secret of the threats that public entities are currently facing. In Valais, as elsewhere, the Communes remain the big losers in the fight for cyber security. Rolle, Montreux and Bülach were victims of cyber hackers, but today, all municipalities are in the firing line.
Hence the question: isn't it time to pool the efforts of fighting? And isn't federalism an obstacle in the fight against cybercrime?
A permanent danger
Imagine that you have debts, that you have fallen on welfare or that your child has had to use social and educational services. Would you want this to become public? Would you want this information to be broadcasted on the darknet? Would you want your private life to be the subject of conversation in your local grocery shop?
It is well known that the theft of data during cyber attacks can seriously damage the reputation of many individuals and permanently destroy the trust between the public and the administration.
The federal government has published a guide for municipalities as part of its "National Strategy to Protect Switzerland against Cyber Risks 2018-2022". The document gives concrete recommendations on how to protect oneself from cybercrime, the basic principle being, that the attacker always has the advantage. Being aware of the dangers is a good start of the solution, as the methods of cybercriminals are now well known. In most cases, hackers trick a local authority employee into opening an e-mail attachment, clicking on a link, entering personal data such as passwords or even making a payment.
Whether it is through Ransomware, malicious software that is sent in large numbers, often by e-mail, through e-Banking Trojans, programs that allow hackers to access e-Banking accounts or through phishing, the modus operandi of Internet criminals has become more professional and is now very well developed.
How to protect yourself?
The Confederation recommends that municipalities appoint a person responsible for the various tasks relating to the security of IT systems within their administration. A good strategy against cyber attacks begins with well-defined and well-tested processes. It is also imperative to make a complete inventory of the sensitive data that should be protected as a priority. Raising staff awareness of cyber security issues is also central. Finally, it is advisable to carry out security updates. Old software is a popular entry point for malware.
How to make these costs acceptable: Pooling resources
The advice provided by the federal guide is valuable, but in the fight against cybercrime, as in all matters, Switzerland favours federalism. Clearly, the cantons and municipalities must take responsibility for their own security. The question arises as to whether the scale of the threat does not require a different kind of leadership, one from above.
After all, the Confederation and the cantons invest considerable resources in ensuring the security and physical integrity of the population. Why shouldn't they do the same for their digital security, which is a major issue today?
Can all municipalities in this country afford to employ security professionals?
In the meantime, the first step could be a pooling of resources, especially among small municipalities. The same applies to public authorities as to small and medium-sized enterprises: the larger ones can manage and afford internal security teams. For the smaller ones, on the other hand, the expenses are difficult to assume, and it is they who today run the greatest risks. Hence the need to pool resources to enable a genuine security assessment, which is an essential step before any investment decision.
The ELCA Group, which is very active in the fight against cybercrime, has developed a methodology specifically for small organisations. It allows a professional assessment of the state of defence to be carried out in a few hours. A sort of inventory of fixtures.
It is time for Switzerland to do everything it can to try to put an end to the digital Wild West. This requires closer collaboration between public institutions and the private sector, which is constantly reinventing itself and innovating in defence techniques.
Contact our expert
Christophe GERBER
Senior Vice President ELCASecurity
Meet Christophe GERBER, our Senior Vice President at ELCA Security. Contact Christophe to discuss how he can help propel your cybersecurity initiatives forward.