Cybersecurity in Switzerland: “We are attacked every day, every hour, every minute”

class=”sc-cffd1e67-0 iQNQmc”>

Blick: Mr. Schütz, you are wearing a pin on the occasion of the 150th anniversary of the Basel Zolli on Veston. What animal do you think of when you think of cyber attacks?
Florian Schütz: Many hacker groups use animals as group symbols. For example, pro-Russian activists have used the bear as a symbol of Russia in their attacks. Eagles and hawks are also common. I think the elephant is a good metaphor. Cyber ​​defense is the elephant in the room: Everyone thinks cybersecurity is important, but concrete steps are still a long time coming.

The federal government entrusted the private company Xplain with secret documents, which were then stolen and leaked in a data theft. How dramatic is that?
The good news is that of the 121 classified objects, none fell under the highest level of secrecy. But the mere fact that confidential and internal documents have been leaked is worrying.

What are your biggest takeaways from the Xplain debacle?
The federal government must improve data management. We need a central overview of which supplier has which data. We have a very decentralized system, every office works differently. It took us a long time to analyze the data to find out who was actually affected by the data breach. For further information we must wait for the completion of the administrative investigation.

What do secret documents have to do with a private provider?
The federal government depends on outside IT vendors because if it wanted to develop every piece of software it uses itself, we would need a huge development department. It makes sense to purchase certain IT products. But this raises the question of what data the supplier actually needs. And how we ensure that the data is deleted later.

The data breach also affects lists with the names of hooligans. Are they still floating around on the dark web?
I think so. You can’t delete virtually anything on the dark web. Servers of hacker groups are seized during international raids. But you still can’t assume that the data will no longer be on the dark web afterwards. Whatever is published is published.

What is a good password?
Nowadays, a password alone is no longer sufficient. We need two-factor authentication, for example password plus code via smartphone.

Still: what would be a good password?
I recommend memorizing a sentence and using the first letter of each word. You can replace an e with a 3 or an s with a dollar sign, i.e. “3$” instead of “es”. This makes the password harder to crack.

Are data thefts and server sabotage damaging Switzerland’s image?
No country is safe from cyber attacks. 95 percent of the incidents have a criminal nature. As a rich country, Switzerland is particularly vulnerable. The hackers know: she can pay.

Should Swiss companies pay – or accept leaks?
We strongly advise against accepting the demands of the blackmailers. Because each attack funds six to ten more attacks, making the problem worse. If no company paid more, we would have significantly fewer hacker attacks.

Have you reported an attack today?
Cyber ​​attacks happen every day, every hour, every minute. It’s 9:30 am. Today we have had 21 reports so far, for example in the area of ​​PayPal phishing. But also several emails with blackmail along the lines of: “We hacked your video camera and filmed you while you were watching porn.” In most cases this is fictional. Still, some feel caught and pay out of sheer panic. But not all cases reported to us were successful attacks.

Why are cyber attacks so difficult to control?
Many companies don’t do their homework. You know something needs to be done, but you don’t act consistently.

Why is that?
In management there are often more pressing problems. Cybersecurity is an invisible threat. It only becomes concrete when there is an acute problem. But economic interests also play a role. Cyber ​​security costs money.

The Swiss army discusses the risks of the new Microsoft Office because Word, Excel and Co. will be cloud-based in the future.
Outsourcing data to a provider that makes correspondingly high security investments makes perfect sense from a technical perspective. However, organizational security aspects must also be taken into account. This means that data from providers in the US can end up on an American server. US courts could force these companies to hand over the data.

Russia intercepted an explosive conversation between high-ranking representatives of the German Bundeswehr who consulted each other via Webex. Are programs like Webex or WhatsApp a no-go for you?
At the federal level we have clear guidelines: we use Threema as a messenger. We have special systems for secret exchanges.

You used to work for Zalando. What distinguishes the Bund from a fashion mail order company?
Zalando has other priorities. Delivery times are very important when trading online. We have done everything we can to ensure that delivery times cannot be affected by hacker attacks.

Source:Blick