Cyber attacks: How companies can protect themselves in the current situation

The coronavirus forces people to make contact with the world mainly through the computer. Hackers are making use of the coronavirus for intensified cyber attacks. Some even take advantage of the fear of the virus. Three experts tell us where the greatest dangers for SMEs on the Internet lurk – and how to protect against them.

Latest cyber attacks under the cover of the coronavirus

The Reporting and Analysis Centre for Information Assurance MELANI warns of scammers who are using the fear of the coronavirus for their cyber attacks: cybercriminals may, for example, pretend to carry out surveys on behalf of the Federal Office of Public Health (FOPH). This is how they fraudulently attempt to obtain personal information. Fake e-mails purporting to come from the FOPH have also been sent in order to distribute malware. In all cases, MELANI's recommendation is: do not react, do not click anything, delete everything.

Patrick Brielmayer, former hacker: Analysis of the cyber attacks

"I want to protect companies from the kind of person I used to be," explained ex-hacker Patrick Brielmayer. The IT graduate used to program viruses and Trojans or execute DDoS attacks, i.e. the deliberate crippling of web pages. He was never caught – "but I always had to watch out and was nervous." That's why Patrick Brielmayer has changed sides and set up an IT security company. Today, corporate customers willingly open their networks to him so that he can comb them for traces of cyber attacks. His specialty is analyzing malware: "I find out how the attack took place and what damage was inflicted." Brielmayer's mission: He wants to bring companies up to speed about the risks of cyber criminality and contribute to better protection.

Daniel Nussbaumer, Police Specialist: Assistance for victims

This concern also drives Daniel Nussbaumer. The lawyer with a PhD is the head of the cyber crime department in the Zurich Canton Police. His team now encompasses 15 detectives and 30 specialists in digital forensics, including many IT graduates. Increasing digitization has made police work more complex, since the Internet has created completely new ways to commit crimes. 

According to Daniel Nussbaumer, many SMEs are affected by, for example, “CEO fraud”: Cyber criminals recreate a typical e-mail from the boss. In it, he asks for an urgent payment of CHF 5,000 to be made. But when the bookkeeping department makes the payment, it ends up with the hackers. "Usually there are complete teams behind it all," he explained. "One programs, one's good at writing and the third one does the research." The police specialist advises always double-checking unusual e-mails by calling the sender back.

Ransom for company data

In addition, the Zurich detectives are often confronted by so-called crypto-ransomware: Malware encrypts all of the information in the computer system of the company affected. This is followed shortly thereafter by a ransom demand, usually in bitcoin. "Naturally, our advice is not to pay," said Daniel Nussbaumer. "Every payment finances new attacks." Furthermore, you never know whether the blackmailers will actually release the data. And if the hacker used previously unknown crypto-ransomware, even professionals cannot help. This is why Daniel Nussbaumer urges all companies to prepare for such attacks.

Stephan von Watzdorf, Product Manager: Protect against residual risk

Stephan von Watzdorf heads the Professional Liability and Cyber Risks team, which developed the Zurich cyber insurance. Crypto-ransomware attacks are a grave problem for him. He even speaks of a security myth: "Many companies believe they're already protected with regular back-ups." However, if the back-up is not taken off the network, it will likewise become the victim of an attack. Moreover, malware is often only activated weeks after the hacking attack. By then, the back-up is usually also already contaminated. "Moreover, it's a lot more expensive and time consuming to restore the data than people think."

People are the weakest link

According to the ex-hacker Brielmayer, the companies often only learn of a cyber attack when the attacker demands something – or the data of the company turns up somewhere. Feeling safe thanks to a firewall and anti-virus program is an illusion. You can obtain basic protection against known viruses with customary commercial instruments, but newly written malware will not be recognized: "It's a cat and mouse game." Therefore, it also makes sense for SMEs to sensitize their employees at least once a year in an IT security course. After all: "People are the weakest link, most of the hacks occur due to the inattentiveness of employees," the Zurich expert Stephan von Watzdorf is convinced.

Protect business secrets

Patrick Brielmayer considers the theft of company data to be the greatest cyber risk in Switzerland: "Every SME has its secrets with which it also makes money – ideas, recipes, construction plans or customer data, such as credit card numbers, bank data or insurance numbers. If this data gets out, it's pretty serious." Daniel Nussbaumer from the cantonal police force also confirms this. Every SME could become a victim and therefore has to ask which of its data need particular protection.

Entire web pages falsified

For Patrick Brielmayer, e-mail applications, faked complaints or product queries are the perfect vehicles for cyber attacks. These days, classic phishing e-mails are also often so well made that even an attentive reader could be deceived by them. Sometimes the hackers even forge complete web pages with forms, which cannot be distinguished from those of telecom companies or online department stores. Or the cyber criminals pretend to be technicians and ask for customer data by telephone.

Online shops particularly at risk

Companies with online shops are particularly at risk, in Brielmayer's view. If these are crippled with a so-called DDoS attack, business can break down for hours or even days. "It's even worse if customer data is stolen or published. I know of such cases – and they have far-reaching consequences." Patrick Brielmayer even thinks some Swiss companies may be paying "protection money" regularly to avoid having their online shops hacked. Daniel Nussbaumer from the cantonal police force does not know anything about this. He is convinced that with current technical precautions, a relatively large number of DDoS attacks could be prevented. "Yet there is no 100 percent protection – because hackers always discover new ways."

When hackers plunder accounts

Once the cyber criminals are inside the network, they procure the credit card data of customers, for example, use it to buy bitcoin and charge prepaid credit cards, explained insurance expert von Watzdorf. For SMEs, the reputational damage is above all relevant, but claims for damages can also arise. 

Many SMEs feel secure when it comes to the theft of their own money, which is a mistake: they believe their banks would be liable for the losses. "But that's incorrect," according to the Zurich expert. The cause in any case usually lies in the IT of the SME affected: For example, the hackers install a Trojan and observe the bookkeeper until s/he logs into their e-banking account. "The hackers then take over the session while the employee stares at a black monitor. Later he finds out CHF 100,000 have been transferred."

Anyone can become a victim

From Patrick Brielmayer's point of view, catching cyber criminals is very difficult: "They can be anywhere in the world." Daniel Nussbaumer sees this differently: "Complete anonymization doesn't hold up forever, because the perpetrators are people too. And people make mistakes." In addition, the Zurich cantonal police cooperate closely with the police authorities of other cantons and countries. "Consequently, we certainly have opportunities to catch foreign perpetrators too." Even money withdrawn can often be recovered.

Preventing attacks through reconnaissance

Nussbaumer regrets that many companies do not bring any criminal charges: "We probably only see a small portion of the cases. Consequently, we lose the opportunity to clarify the situation." His recipe for preventing cyber risks from becoming a catastrophe: "Prevent attacks through good IT and sensitization of the employees towards this issue. Limit possible losses. And if something happens after all: do not hesitate to contact us. It's no disgrace to become a hacking victim – it can happen to anyone."

Eight tips: Preventing cyber attacks – or reducing the consequences

  1. Keep operating systems up to date, because hackers exploit software vulnerabilities. This also includes replacing old operating systems like Windows XP, for which updates are no longer provided. It is also important to create an inventory of all company IT-assets such as computers and applications.
  2. Check user rights annually and in the event of role changes. This way you can prevent former employees from accessing the network.
  3. Install antivirus programs that detect and block malicious software and use a firewall that prevents unauthorized access.
  4. Use intelligent passwords that include special characters, combine numbers and letters, are at least eight characters long and do not contain your own name, for instance.
  5. Raise employee awareness and inform them about phishing, for example. After all, employees are the gateway for almost all cyber attacks.
  6. Perform regular data backups, even on a daily basis depending on importance. The latest backup should not overwrite the previous backup. Otherwise historical data may be lost. Sounds banal, but it's important: The backup should always be taken off the network so that it does not fall victim to the virus as well. You should also regularly test whether the data backup was successful.
  7. Risk analysis as a management task: What are my "crown jewels" and how can I protect them? This also includes professional crisis management with an emergency plan for cyber attacks.
  8. Check your insurance coverage: For example, Zurich Cyber Insurance for certain costs resulting from a hacker attack on. 

Protect yourself against cyber attacks

Cyber attacks can never be completely prevented, but you can protect yourself against the consequences. The new Zurich Cyber Insurance for SMEs covers certain costs of a hacker attack, such as for cleaning up computer devices after a virus attack or for restoring data. In addition, the insured are given access to experienced attorneys, who can provide advice on immediate measures. Optionally, you can also protect yourself against the financial consequences of a business interruption after an attack, or insure yourself against the theft of funds if a hacker has gained access to your e-banking.
