How to prepare an SME for cyber attacks

One Saturday, around five in the morning, employees of a company specialized in wholesale food distribution realize that certain digital data is no longer accessible: cybercriminals have infiltrated the computer system to retrieve sensitive information and demand a ransom.

This is just one case among many faced by Simon Seebeck, a cybersecurity expert at Mobilière. "For a company, the question is not whether it will be a victim of a cyber attack, but rather when," he emphasizes.

However, although the topic has become much more visible, no recent developments have been observed regarding technical and organizational security measures, regrets Nicole Wettstein, head of the Cybersecurity program at the Swiss Academy of Engineering Sciences (SATW). "While SMEs are certainly aware of the danger posed by cyber attacks, they are not taking any additional measures."

Nevertheless, a third of all SMEs with fewer than 50 employees have already been affected by a cyber attack, according to a recent survey conducted by the Swiss Digital Security Alliance. It must be said that our country represents a prime target for hackers, whether for industrial espionage or its robust economic health.

Randomly Targeted Entrepreneurs

All businesses are affected, from SMEs to multinational corporations, as noted by Simon Seebeck. "Most often, cyber criminals do not choose their targets; they attack computer systems using automated software and exploit existing vulnerabilities. Furthermore, it should be known that each stolen packet of data has intrinsic value, whether it's for demanding a ransom from the victim or selling the information to third parties."

However, the preferred method for cybercriminals remains identity theft, for example, by posing as a supplier and demanding an urgent money transfer to a new bank account. Hence the importance of regularly raising awareness among employees on this subject.

Anticipating Risks

Specialist Nicole Wettstein identifies several points of concern for Swiss businesses to become better prepared: lack of investments or qualified personnel, overconfidence regarding the likelihood of an attack. "Moreover, many SMEs are relatively advanced in the field of digitization, and their business model relies on a functioning computer system. A cyber incident can, therefore, have serious financial consequences."

And how should one respond to an attack? "The first thing to do is to disconnect all systems from the network and also disable the Wi-Fi network, if necessary, by contacting one's IT service provider. Additionally, it is important not to engage with criminals in case of a ransom demand, as they usually set a deadline from the first communication and continuously increase the pressure," explains Simon Seebeck. It should be noted that the new data protection law (see the theme of the month) contains certain new provisions that should also be kept in mind.

Cybersecurity is not something that can be delegated, warns Simon Seebeck. "It is the responsibility of business leaders, who should regularly review not only technical but also organizational measures. This includes knowing who has access to which data within the company, as well as drawing employees' attention to appropriate behavior on social networks related to their employment. Ideally, at least once a year, a cyber attack simulation should be conducted to precisely understand what happens if emails no longer reach their destination or if the server needs to be restored." It should be recalled that resolving a cyber attack often takes up to a week if recent backups are available and much longer when they are not...