Data protection and data security
‘Cyber security is a matter for the management.’
What does the increase in cyber attacks mean for the healthcare system in Switzerland? And what are the key protective measures that a company can take? Pascal Lamia, the Swiss Confederation’s Deputy Delegate for Cyber Security and Head of Operational Cyber Security at the National Cyber Security Centre (NCSC), provides answers.
15 June 2022, Text: Michèle Vaterlaus, Image: National Cyber Security Centre (NCSC) 4 min
Reports of successful cyber attacks are on the rise. Whereas in the past you heard of them mainly happening in the US, cyber attacks are now increasing in Switzerland too. Is the situation getting worse?
Pascal Lamia: With the advancement of digitalisation and the associated reporting, companies’ and private individuals’ awareness of cyber security has increased. This means that incidents are more likely to be reported and victims of attacks are more likely to go public. The NCSC has noted a sharp increase in cyber incident reports in recent months. It can therefore be concluded that not only has awareness of cyber attacks increased, but also the cyber attacks themselves.
What are the biggest risk factors for a cyber attack on a company?
Lamia: The list of possible entry points is long. The greatest risks are systems that aren’t up to date or poorly secured remote access. However, in addition to the technical risks, insufficiently trained employees also pose a risk, since a lot of damage can already be prevented by staff doing the right thing. For this reason, it is very important to make employees aware of the topic and keep them informed of current cyber threats.
What can companies do to better protect themselves against cyber attacks?
Lamia: Cyber security is a matter for the management. If those in charge operate a comprehensive risk management system that includes cyber risks and ensures the most important organisational and technical protective measures are in place, an important step has already been taken.
Pascal Lamia is the Swiss Confederation’s Deputy Delegate for Cyber Security and Head of Operational Cyber Security at the National Cyber Security Centre (NCSC).
What are the main protective measures?
Lamia: I’ll mention the five most important protective measures. Firstly, patch management and life-cycle management. Security updates must be installed consistently and in a timely manner. Secondly, blocking dangerous email attachments, as well as macros in Office documents. Thirdly, securing remote access with two-factor authentication. Fourthly, offline backups. Data backups should be carried out regularly and then separated from the network. And fifthly, as already mentioned, it is essential to make employees aware of the topic. When provided with regular training, they can make a significant contribution to a company’s cyber security.
Which companies are particularly vulnerable to cyber attacks? Is there a difference between large corporations and SMEs?
Lamia: The size of a company plays a secondary role when it comes to cyber attack risk. Many companies that don’t appear to be obvious targets for a cyber attack are nevertheless exposed. This is because many attackers operate on a mass scale: they try to reach as many targets as possible that yield less profit but are easy to attack. All systems that are insufficiently protected or have a vulnerability are therefore at risk.
Media reports of attacks in the healthcare sector are also becoming more common. These include the recent attacks on two medical practices in Neuchâtel, a retirement home in Rotkreuz and the Pallas clinics last year. What makes healthcare facilities so attractive to cybercriminals?
Lamia: Attackers are targeting all vulnerable systems, regardless of what industry they belong to. The targets you mentioned received media attention because the stolen data was of a sensitive nature, and concern among the population was particularly great as a result.
What do the increasing number of cyber attacks on the Swiss healthcare system mean?
Lamia: Cyber security is a topic that will continue to gain importance in the future and will therefore require corresponding investment. Companies in all sectors need to address cyber security, take cyber threats seriously and also take suitable protective measures.
What specific advice do you have for medical practices to protect themselves?
Lamia: An important step in protecting against cyber attacks is to be aware that cyber threats exist, adapt your actions accordingly and implement the basic protection measures. Companies that lack knowledge of cyber security should outsource their IT security to external security specialists.
Is digitalisation of the healthcare sector at risk due to the increase in cyber attacks?
Lamia: Cyber incidents go hand in hand with digitalisation, and they must be dealt with appropriately. It’s almost impossible to imagine daily life without technological advances, which are becoming increasingly important for the economy and the population. Therefore, cyber security concerns us all. It is a challenge that we must solve together. With this in mind, the Federal Council launched the National Cyber Security Centre in 2020 to help the public, businesses, educational institutions and government bodies to protect themselves against cyber risks.
What is Swisscom Health doing in terms of data protection and data security? You can find more information on our website.