The number of cyber-attacks in Switzerland is on the rise and the problem is expected to get worse – both in terms of volume and complexity of the crimes being committed. Many people and companies are unprepared for the onslaught, experts say.
Last year, 14,033 cybercrime cases were reported to police in Switzerland, compared to 11,575 in 2015 and 5,330 in 2011. A survey from the firm KPMGexternal link released this week found that 88% of Swiss companies have experienced cyber-attacks in the past year compared to 54% in 2016.
This might be just the tip of the iceberg. Analysts believe that many victims fail to report cyber extortion, or ransomware attacks, out of fear that embarrassing material could be released or company credibility called into question.
“There have been situations in which private interests such as reputational risk have outweighed the interests of a prosecution,” canton Zurich prosecutor Stephan Walder wrote in the KPMG cybercrime report.
The recent WannaCry ransomware attack, which struck 200,000 computer systems in 150 countries including hospitals, has highlighted the increasing cybercrime threat. Already last year, Switzerland’s cybercrime monitoring centre – the Reporting and Analysis Centre for Information Assurance (MELANI)external link – raised the issue through an awareness day.
“In recent months there has been a huge increase in the number of ransomware victims in Switzerland. It is not just private users that have recently been targeted by ransomware attacks, but increasingly small and medium-sized enterprises (SMEs),” MELANI stated in May 2016.
Despite the rise in cybercrime, Switzerland’s defences are patchy, according to experts. Switzerland’s armed forces have been told to step up their anti-cyberattack strategy. Most experts believe the largest firms in Switzerland have adequate defences, but the record of individuals and SMEs is less inspiring.
“Sometimes [SME] risk management is really quite reckless: ‘nothing has ever happened to us, so nothing ever will happen to us’,” said Walder. “This is a dangerous attitude.”
“Up until now, many SME bosses believed their company was too small to attract the interest of cyber attackers,” Palo Stacho, boss of the Zurich-based firm Lucy Security, told the Handelszeitung newspaper. But the latest trend of mass cyberattacks, targeting thousands of victims at once while demanding only a few hundred francs in ransom, has proved that theory wrong.
Even when security measures are put into place, they often make life more difficult for employees. Two-thirds of security companies surveyed by KPMG admitted that user-friendliness was low on their list of priorities.
“The user-friendliness of cybersecurity is crucial to tackling cyber threats,” said KMPG head of cyber security Matthias Bossardt. “The weakest link in the chain was, is, and always will be, the individual.”