Cyber attacks: Nobody is immune

Cyber attacks: Nobody is immune

Bank robberies are a thing of yesterday. Nowadays, anyone who wants to make a lot of money quickly has no need of a crowbar, a gun or a getaway car; all that is required is a good Internet connection, a sharp mind and lots of criminal energy. Hackers are everywhere.

Companies with 10 to 50 employees are at most risk: They are big enough to be interesting to hackers but not big enough to employ their own IT specialist. According to a current study by Zurich, two out of five SMEs have already suffered a cyber attack. A total of 27 percent have fallen victim to a computer virus, while 9 percent have had an email address abused by hackers, for example to send phishing emails.

Taking data hostage

Why are cyber attacks so common? It is because they can be highly profitable. An important goal of hackers is to infiltrate internal networks and steal data there. For example, such information can be of great interest to competitors or even to the hackers themselves if they assume the identity of a customer and go shopping with the latter's credit card. Another popular method is modern ransom blackmail, explains Zurich cyber expert Stephan von Watzdorf. "You no longer take the boss's daughter hostage, just all of the firm's data – it is blocked until the company pays a certain amount." Finally, there are also hacker attacks that do not involve any money but are simply malicious or politically motivated.

Business interruption – and reputational damage

It is horrifying to note that, as the Zurich study revealed, hacker attacks led to a complete interruption of business for 39 percent of the SMEs affected. Orders remained unprocessed, customers had to wait or production was interrupted. This alone can have fatal consequences for the image and financial situation of the company. However, if, for example, customer credit card details, personal emails or secret information turn up on relevant Internet pages, far greater damage can arise – financially and also in terms of credibility.

People are the weakest link

Hacker attacks can literally strike any company. Well-known major firms can become targets for political reasons – such as a construction company that erected the headquarters of a controversial religious community and was therefore attacked by a hacker group. Medium-sized "hidden champions" become victims of industrial espionage or blackmail attacks. Very small companies are also at risk, because their security precautions are often worse than those of larger firms. For all companies, emails are the most common gateway for targeted cyber attacks: In this way, employees unwillingly become accomplices. "People are the weakest link," explains cyber expert Stephan von Watzdorf.

The hacker as a Facebook friend

Private individuals are also at risk. As soon as someone's email address can be found somewhere on the Internet, a flood of spam emails follows quickly. These include advertising for dubious products, an exotic princess pleading for money or a concealed virus, which can be activated by a mouse click. Current phishing emails are highly professional imitations of business emails in text and design and are therefore hard to detect. Criminals also benefit from the readiness of people to share information with friends and the world on the Internet. A possible example: I show an interest on Facebook in taking part in a marathon and get a link from another participant for free preparatory training. But the friendly athlete is a hacker: one click on this link and the download of malware has already begun.

Hardly any prospect of punishment

It is sad but true to say that hackers are hardly ever punished. This is because their identity is often lost in the wide expanse of the Internet. The perpetrator may come from a "rogue state" and be acting on behalf of its government. They could be part of a hacker group financed by organized crime. Or it may be the 15-year-old "script kiddie" from the neighborhood, who launched his attack out of anger at the new company parking area, as he can no longer skateboard there. For this reason, wanting to call the perpetrator of a cyber attack to account is futile.

Reducing risk and coping with the consequences

"There is no absolute protection against hacker attacks," cyber expert von Watzdorf emphasizes. "Even the best security measures don't provide perfect security." However, the risk can be reduced by professional IT management and appropriate employee training. Swiss companies still have a lot of ground to make up: They not only need to protect themselves as well as possible against cyber attacks, but they can also mitigate their consequences. This includes by making backups consistently, ideally every day. The backup then has to be separated from the network and not used for new backups for a period of time. Otherwise the historic data will be lost. Moreover, every company needs an emergency plan. Apart from the question of insurance coverage, this also includes a communication concept for the worst-case scenario. However, the cyber theme does not just affect IT, as Stephan von Watzdorf emphasizes: "The consequences of attacks can be an existential threat to companies. This means that cyber attacks must be a matter for the boss – or at least be the responsibility of executive management."

Protect yourself against cyber attacks

Cyber attacks can never be completely prevented, but you can protect yourself against the consequences. The new Zurich Cyber Insurance for SMEs covers certain costs of a hacker attack, such as cleaning up computer devices after a virus attack or restoring damaged data. In addition, the insured are given access to experienced attorneys, who can provide advice on the assertion of claims for damages or the implementation of immediate legal measures. Optionally, you can also protect yourself against claims for damages from customers and business partners on account of stolen data as well as against the financial consequences of a business interruption after an attack.