More than half of Swiss firms are unprepared for cyberattacks on their networks as the so-called “Internet of Things” becomes a reality, a study has shown. Meanwhile, new information has come to light in the recent hack of the RUAG defence firm.
Research from the consultancy firm KPMG reveals that 54% of the 60 Swiss businesses it surveyed had been victims of a cyberattack over the past 12 months, and 44% of those attacks had major effects on day-to-day business.
KPMG pointed out that the effects of cyberattacks are being compounded by the fact that many physical devices and appliances are now networked, resulting in the so-called Internet of Things or Industry 4.0.
“Through the Internet of Things, cyberattacks can result in physical damage in the offline world,” the study found.
According to KPMG, the most popular types of attacks on Swiss networks are malware - hostile or invasive software - phishing, when internet fraudsters impersonate a business to trick you to give personal or professional information, and social engineering, where victims are manipulated by false identities, either on social networks or through posing as someone in an official role.
The study suggested that firms not only consider external cyber threats but also internal ones, since attackers often take advantage of individuals working for companies to gain access to networks. Therefore, KPMG recommended making cyber security part of company culture and discussions and not simply relying on defensive technologies to avoid cyberattacks.
Last year, KPMG reported that Swiss companies suffered losses of over CHF200 million ($201 million) due to cybercrime in 2014.
20 Gigabytes stolen
The Swiss Defence Ministry and the defence contractor RUAG, which are closely linked, recently made headlines as victims of separate hacking attacks. Yesterday, the government announced in a report that more than 20 Gigabytes of data had been stolen in a sophisticated attack on RUAG that began in 2014. Although initial reports indicated that Russia was behind the attack, the government did not name the suspected identity of the attackers. A federal investigation into that matter is ongoing.
The government said that it is “very likely” that data from an administrative Microsoft Outlook directory of federal employees was acquired in the hack. However, officials said no private employee information was accessed.
The attack on RUAG was carried out over many months by using sophisticated malware belonging to the Turla family of Trojans. Turla uses an impenetrable code to remain undetected for a long period of time.
The report from the Swiss government’s Reporting and Analysis Centre for Information Assurance (MELANI) also said that the RUAG hackers exercised great patience in carrying out the cyberattack, accessing only the information that interested them.
swissinfo.ch with agencies