Immediate assistance following a cyberattack

One call and they are on the job: Swisscom’s IT security experts. Several times a week they are called out to provide assistance to companies of all sizes that have fallen victim to a hacker attack. Raphael Boullet, cyber security expert at Swisscom, explains why professional help is worth its weight in gold in an emergency.

Every week, we read in the media about new cyberattacks on companies, such as the recent attacks on copper producer Aurubis or the DAX-listed corporation Continental. Mr Boullet, you are a cyber security expert at Swisscom. Can you explain how a company can tell that it has been hacked?

The scary thing is that many attacks on companies remain undetected for days, if not weeks. During this time, hackers can access company data unnoticed, sell data on to criminals or even infect other systems. So the earlier an attack is discovered, the better. There are several signs of a successful attack. Access to data or systems might no longer be possible. Systems may not be as responsive. A password might no longer work and can no longer be reset. In all these scenarios, company managers should be on the alert and contact an IT security expert.

And what if their suspicions are confirmed?

The first priority is to stay calm and not take any rash action. It is important, for example, not to shut down IT systems under any circumstances as this can lead to major damage to data and systems. If the company does not employ IT security specialists or they are not available, it is advisable to call in an external professional to support you in the crisis and take the pressure off you. These experts are prepared for such incidents and regularly train for possible attack scenarios.

Swisscom’s IT security experts for example?

Exactly. The Rapid Response Team is part of the Cyber Security Incident Response Team at Swisscom. It is on call 24/7. In an emergency, the experts start by analysing the type of attack before deciding on the appropriate course of action. This includes analysing the affected systems and software, restoring any backup files and securing evidence. The case must be reported to the law enforcement authorities subsequently and charges filed. Finally, the experts prepare a report and recommend further measures to prevent possible follow-up attacks.

How often is this team deployed? And does it usually work with large enterprises or SMEs?

The team handles several jobs every week. At the moment, it mainly deals with ransomware attacks, but groups of hackers also sometimes attack specific companies. The size of the company doesn’t matter. Any company in any industry can be affected. SMEs in particular are popular targets because they often have IT security vulnerabilities. Especially in smaller companies, it is often just the boss or an employee that deals with the IT. So our team can make a huge difference here.

What has been your most difficult or biggest/most impressive assignment so far?

I can’t name names, of course. But we once had a hospital attack that lasted several weeks. It started because e-mails from a doctor were diverted by an undetected Trojan. This was followed by a targeted attack using highly professional phishing, which spread malware throughout the system. Each time an attempt was made to reactivate the Internet, several hundred computers were infected within seconds. It required a huge effort to restore the system.

How does Swisscom recommend that companies protect themselves against such attacks, especially SMEs?

The bottom line is that there is never a 100% guarantee, no matter how well you protect yourself. But of course companies can reduce their chances of falling victim to an attack. Professional data backups are crucial, as is protecting e-mails, the Internet and the network. However, it is almost more important to make employees aware of the dangers from the Internet. If they are attentive and able to recognise phishing, they will essentially serve as a human firewall.

Is the human factor therefore critical?

Of course, technical protective measures are very important. But it just takes a single employee to click on a phishing e-mail to open the door for hackers to enter the company – however sophisticated the protection measures. Raising awareness among employees is therefore crucial. In addition, it is important to consult with the management and define crisis communication. What are the most important points? Who needs to be informed?
Security involves more than IT; it is also about a well organised senior management. As well as raising awareness at the employee level, it is also important to address the issue at management level. This includes critically examining: “To what extent are we protected against cyberattacks?”
