The 6 Biggest Cybersecurity Risks For Swiss SMEs

In recent years in particular, Swiss companies have shown how flexible, modern and digital they can be. In more and more companies, employees are staying in their home offices for longer periods of time and many processes are being digitized. But with all these measures, the risk of cyberattacks also increases, which is why companies need to keep a closer eye on their cybersecurity. In this article, we will take a closer look at a selection of the greatest cybersecurity risks for companies in Switzerland. 

Cybersecurity And Its Value In Today's World

It’s not a surprise that companies have been increasingly focusing on digitization, especially since 2020. But unfortunately, it’s not enough to set up a cloud, acquire digital tools such as the Microsoft suite, and provide employees in the home office with a laptop – because almost all of these areas harbor dangers and attack surfaces.

Cyberattacks usually have different targets:  

• Access to sensitive information
• Alteration or destruction of sensitive data
• Blackmail
• Interruption of business processes

With good IT systems and security measures, companies need not worry, or at least worry less, about being affected by such attacks. But nowadays, it is becoming increasingly difficult to guarantee digital security. On the one hand, because there are now numerous devices per person. Accordingly, it must be ensured that all these devices are equally protected, especially since many are now networked with cloud services. By default, antivirus programs are already set up on these devices, but this protection is not always sufficient. Hackers and other cyber criminals are also getting trickier and developing new tactics to sneak into people’s and companies’ systems. According to a report by the gfs-zürich research institute, around one-third of the Swiss companies surveyed were affected by cyberattacks in 2021.

 

The 6 Biggest Cyber Risks For Swiss SMEs

1. Human risk factor and social engineering
2. Phishing and malvertising on social media
3. Malware and ransomware
4. Gaps in endpoint security
5. Cloud Security Gaps
6. Zero-day Exploits

1. Human risk factor and social engineering 

In a previous 2019 blog post, we took a closer look at why humans are the biggest risk factor when it comes to cybersecurity. Even three years later, this has unfortunately not changed: technology can be quickly brought up to the latest security standards by experts, but teaching people what to look out for in terms of cybersecurity is significantly more extensive. Dinotronic therefore offers Cybersecurity Awareness Training, where you and your employees can learn basic knowledge about current and consequential cyber risks.

This is because there are many ways in which humans can pose an increased risk. Whether through carelessness, for example by using insecure passwords, or negligent behavior by using devices for professional and private purposes. Research shows that nearly a quarter of employees are storing sensitive information in unapproved cloud applications or granting family members access to company devices. Thus, there is a great risk of data loss, even if it is mostly unintentional.

Social engineering as an attack variant targets these behavioral patterns by specifically exploiting employees’ weaknesses. One example is that attackers collect information from their victims and misuse it for phishing emails. A far more invasive and specific variant is SIM swapping, where criminals gain access to the victim’s SIM card and can then control incoming and outgoing messages and calls. They also use it to gain access to social media accounts, banking apps or cryptocurrency wallets.

Accordingly, it is particularly important to train employees, regularly remind them of measures and keep the IT security of the company’s own devices, tools and new technologies up to date. The zero-trust model, in which higher security measures are taken, also lends itself to this. We explain exactly what is behind it in this blog post.

2. Phishing and malvertising on social media 

A particularly widespread method of cyberattack is so-called phishing. The term is derived from the English word for fishing. The lures are fake websites, emails or messages, which are supposed to appear as if they are from trusted sites or partners. The goal is to obtain sensitive data.

A newer variant of this is malvertising on social media. This term describes malicious advertising via online ads. Ad placements via Facebook, Instagram and other portals can thus be used to insert malicious code snippets in banners or other advertisements. Uninitiated users click on them and unknowingly install malware.

3. Malware and ransomware 

Probably the best-known cyber risks include malware and ransomware. Malware refers to malicious programs and software that are placed on users’ devices through security vulnerabilities to perform harmful functions. With ransomware comes the extortion aspect of it. Files of users and entire companies are blocked by encryption, and only the payment of ransom promises the release of information. This system has been around for many years, and the threat of malware and ransomware continues to grow. In 2021, attacks in Swiss SMEs will still be most frequently carried out via malware, viruses or Trojans, according to a study by the gfs-zürich research institute.

4. Gaps in endpoint security 

Especially due to home office and remote work, it is becoming increasingly important for companies to protect their end devices from cyberattacks. Savvy attackers are less and less likely to be detected on endpoints, and antivirus programs are usually insufficient against advanced malware. In order to adequately protect the devices, extensive technical security measures such as firewalls and malware protection are required, as well as organizational measures that are firmly integrated into the processes and daily use of the devices. This includes identity protection via multifactor authentication and the strict separation of private and professional end device use.

5. Cloud Security Gaps  

Cloud applications are becoming increasingly popular, especially in this day and age: they offer location independence, flexibility and speed. But cloud services also harbor risks such as outages, cyberattacks, unauthorized access and even data loss if security measures are inadequate. One should be aware of these threats and adapt the security strategy to cloud applications accordingly. Access management is one of the most important disciplines in this regard. With our Managed Security Services, we manage complex networks for you and ensure the security of your cloud.

6. Zero-day exploits 

A zero-day exploit is an attack via a previously unknown vulnerability. Mostly, zero-day exploits target operating systems, browsers, office and open source applications, hardware and firmware, and the Internet of Things (IoT). These attacks can therefore take different forms, and it is correspondingly difficult to protect against such cyberattacks. Therefore, it is important to take preventive measures and perform the latest updates of the applications and operating systems in use. Firewalls and comprehensive antivirus software solutions can also help. In addition, you should only install applications that you really need and, even in this case, inform employees about the risks.

What We Can Learn From These Risks?

Attacks on corporate cybersecurity continue to increase in the wake of digitalization. One of the most important first steps is to become aware of these threats to your company’s security, and then take the appropriate action. This includes, in particular, training employees to develop a common understanding of cybersecurity risks. In addition, all your systems should be kept up to date, comprehensive antivirus software should be installed, and a modern IT infrastructure should be built to facilitate continuous adjustments and checks. Artificial intelligence can also help support your IT security. In this blog post, we explain how AI can also be used sensibly for SMEs in Switzerland.

With our extensive know-how, we at Dinotronic are your reliable partner in the field of cybersecurity. You want to know how your IT security is doing? Learn more about our Cybersecurity Risk Assessments today, which can help build a cornerstone for your successful cybersecurity.