In the past two years, no fewer than 70 (!) percent of Swiss industrial companies have been the target of at least one cyber-attack. This alarming fact has been revealed by recent research conducted by Swissmem, the trade association for the Swiss mechanical, electrical and metal industries. In this article, you will find out about the most common causes and kinds of attack, the extent of the damage, why industrial companies are particularly at risk, and what measures you can take to protect yourself.
Let's get the bad news out of the way up front – these days, cyber-attacks are a permanent threat. They affect every company, however large or small they may be. However, SMEs and large companies are being particularly targeted. The potential damage is enormous and the consequences can be devastating, as well as extremely costly. In extreme cases, depending on the company, even the company's very existence could be at stake. The good news is that more and more companies are aware of the growing risks, and some are making targeted investments in awareness-raising measures. Methods of prevention measures are increasingly being implemented, but all the same there is still a great need for them. That's why we appeal to you to not allow your attention to waver. Quite the opposite, you need to put the issue of cyber security and cyber defence right at the top of your agenda!
Over 20 attacks – on one single company
Swiss industrial companies in particular have been cybercrime targets and victims in recent months. This is shown by recent research conducted by the industry association Swissmem (in cooperation with the Institute for Criminal Law and Criminology at the University of Berne) among its membership of approximately 1,200. In figures:
- In the last 24 months, over two thirds (N=270) of the companies operating in the metal, electrical and mechanical engineering industry (MEM) have been the target of at least one cyber-attack.
- Some individual companies have even been attacked over 20 times.
- Nearly 60 percent of companies suspect that they have accidentally fallen victim to a hacker attack.
- On the other hand, around 21 percent of the affected companies are convinced that they were targeted.
The following comment made by the leaders of the survey is worth noting: “A great many of the cybercrime attacks reported since the company came into existence appear to have taken place just in the past two years”
An overview of the most common kinds of cyber-attacks
Among the most common forms of attacks, the following three perennials emerge at the top of the list:
1. CEO fraud
In CEO fraud, cyber criminals attempt to initiate payments using a false identity of the company's senior management. Around half of the companies that have borne the brunt of a cyber-attack in the past 24 months have been impacted. This trend is also confirmed by our security experts at InfoGuard. Currently, they are observing a large number of cloud compromises, i.e. cyber incidents in Azure environments, primarily in the area of what is known as business email compromise, better known as “CEO fraud”. In many cases, investigations started at a hacked email box, revealing more hacked accounts because the Azure environment had not been well secured or monitored. Here we show you how to efficiently discover misconfigurations and vulnerabilities using a dedicated “One-Time Hunting Light” scan.
Around 43 percent of companies have fallen victim to what are called “phishing e-mails”. People are known to be the weakest link in the security chain, so raising awareness among employees plays a key role. You can find out how to tackle this in a concrete way in our free poster entitled “Don't give phishing emails a chance”.
Over 20 percent of companies have fallen victim to ransomware attacks, with high ransoms being demanded to get encrypted data restored. Learn all about the anatomy of ransomware and get tips on how to protect your business in our free ransomware infographic.
Damages amounting to as much as 2 million Swiss francs
As we have already mentioned, cyber-attacks can have dramatic consequences. The damage suffered by the companies impacted by them varies greatly. On average there were 25 protection and intervention measures in use at the companies in the survey. Thanks to these, around 82 percent of the cyber-attacks that took place did not result in any restrictions (14 percent), or only in minor consequences that were able to be remedied in the short term (68 percent). By contrast, for the other 16 percent, the attack led to noticeable operational constraints. For a good 2 percent, it even endangered the company's very existence.
- In just under 33 percent of companies, the cyber-attack committed resulted in costs of CHF 10'000 to CHF 100'000.
- For about 20 percent, the value of the damage was higher; for more than 6 percent, it even exceeded CHF 1 million.
- The highest amount of damages mentioned was around CHF 2 million.
Digitalisation versus Cyber Security
The main reason for industrial companies, in particular, becoming increasingly frequent victims of cyber-attacks is obvious – it’s down to progressive digitalisation. SMEs and large companies have the demand and the pressure to invest in digitalisation, more precisely in the ongoing development of operational processes, as well as their products and services. This is precisely where the dangers are lurking – among other things in decentralisation, which spreads the attack surface even further.
Why cyber security is a matter for bosses to deal with - and why it should be a top priority for senior management and the board of directors
One positive aspect – at least in this industry – is the fact that there is a growing awareness of cyber-attacks, and efforts are being redoubled. This is exactly what we, in particular our Computer Security Incident Response Team (CSIRT), are urging you to do. Prepare for an emergency and make the preparations that are needed. Along with the usual “suspects” such as the CIO and CISO, the members of the senior management team and the board of directors have the main responsibility for this. Find out the best way to tackle the challenges and what you should do before, during and after a cyber-attack in our exclusive cyber-resilience guide for the senior management team and the board of directors. It contains a concise checklist to self-assess your cyber resilience on one hand and a 7-point emergency plan including specific, detailed recommendations for action on the other.
What needs to be done when a security incident occurs?
Have you been hit already? Don't worry, we will provide you with expert support round the clock. Our Incident Response Retainer is aimed at companies and is the optimal solution when you need to act quickly, efficiently and effectively. Do not hesitate to contact our experienced security experts. We are there for you 24/7.