Cyber-criminals no longer target only large companies; they also have SMEs in their sights. It is therefore crucial that companies protect their IT infrastructure – and yet they often have neither the know-how nor the resources to do so themselves. Security-as-a-Service providers are one answer to this dilemma.
Text: Ladina Camenisch
Hackers are having a field day, with cyber-crime on the rise across the world and apparently unstoppable. Experts estimate that hackers will cause around USD 6,000 billion of damage between now and 2021, a two-fold increase in the space of just five years and almost ten times Switzerland’s GDP. Cyber-crime therefore remains the most lucrative field of criminality.
A study conducted at Zurich University of Applied Sciences by Professor Dirk Baier (2019) shows that cyber-crime is also booming in Switzerland. Although crime figures as a whole are showing a downward trend here, cyber-crime is on the rise. The study found that fraud in particular, including data theft, data system intrusion and fraudulent misuse of computer systems, was increasing. In its Cyber Security Report 2019, Swisscom noted that the number of targeted attacks was rising, with a trend away from random attacks towards targeted attacks. Companies were being exposed more and more to sophisticated forms of attack using ransomware, phishing, sextortion and social engineering.
State and police authorities have already responded to this new threat situation. The Swiss government, for example, has announced the opening of several cyber-crime centres across the country, with the involvement of the Federal Police Office and the Conference of Cantonal Police Commanders. Cooperation between police and state prosecutors, as well as regional cooperation in general, will also be strengthened. Several thousand employees of the Zurich cantonal police force have also received specialist training on how to deal with cyber-crime in the last few years.
Although, on the whole, these are positive developments, the likelihood of being the victim of a cyber-attack remains high. “It’s not just large companies that are concerned, but SMEs are being increasingly targeted as well,” explained Remi Schöb, director of Swisscom’s Security Operation Centre. “For companies, this sort of attack means not only financial losses, but, in many cases, serious harm to their reputation as well.” Their primary objective is therefore to avoid falling victim to an attack in the first place.
In order to protect themselves properly, companies need 24/7 security solutions, prevention measures that are constantly adapted, permanent monitoring and security experts who can take immediate action whenever required. At least that is the theory. In practice, however, very few companies can afford such costly security infrastructure. They often lack the means, know-how and human resources to create their own security department. Many therefore turn to one of the numerous Security-as-a-Service providers, who monitor their customers’ IT systems and raise the alarm as soon as they discover anything out of the ordinary.
The benefits offered by these providers are obvious: under the modular system, companies can select precisely the security services that they need. Whether it’s for a large bank or an SME, Swisscom experts can provide protection tailored to their various requirements for a plannable cost. The first step is always, therefore, to conduct a needs assessment with the customer, explains Schöb. As well as ransomware, social engineering and malvertising, common hacker techniques include DDoS attacks, browser hijacks, botnets, rootkits, trojans, viruses and worms. The customer’s needs are jointly identified.
With Swisscom, your customers’ sensitive IT systems are closely monitored from the Security Operation Centre (SOC) in Zurich – round the clock, of course. The SOC itself is subject to the tightest possible security measures. Using a fingerprint scanner, entry is only granted to individuals who have passed a detailed security check. The centre in Zurich is also disaster-proof. Swisscom also has two smaller SOCs in Geneva and Berne.
“Protection against cyber-attacks always involves interaction between people and machines,” says Schöb. As part of a pre-screening process, if there are sufficient indicators, the threat intelligence engine raises the alarm. Threat intelligence is the database in which all threat patterns are captured. Since there is no standard procedure for subsequent action, one of the 25 or so employees then takes charge of it. “After the alarm is raised, we analyse the attack and ward off the threat. Sometimes we also consult colleagues from other security departments in order to avert the danger.”
In order to detect threats early and draw the right conclusions, Swisscom’s Managed Network Security looks at numerous different factors. The more accurately and quickly the experts can see where the dangers lie, the better they can respond. This is why Swisscom closely monitors the national and global threat situation and regularly shares information with partners.
Schöb is convinced that so-called ‘Threat Detection & Response’ will become increasingly important in the future. “The products that are sought after today – such as effective firewalls, managed proxy or managed mail security – will be integrated more or less as a standard commodity in just a few years’ time.”
Professional Threat Detection & Response, on the other hand, requires specific processes and tools, many years of experience, and highly specialised employees. It is hardly possible for a single company to understand the continuously changing cyber-security attacks and react accordingly. A specialist provider, however, benefits from economies of scale in its threat intelligence. The experts learn from every threat posed to individual customers and are ready when other companies suffer similar attacks.
An experienced partner can therefore protect a company’s IT infrastructure, with the customer itself deciding how much support the partner should provide in accordance with the selected business model. It may be notified, for example, whenever sensitive company and personal information is found in public and closed networks such as the dark net. Or it may select a Security Event Management solution and receive specific recommended actions for confirmed security incidents.
Unfortunately, 100% protection from cyber-attacks is a pipe dream. However, a company that turns to a security provider and benefits from its know-how, resources and infrastructure is much less likely to be attacked. “Anyone who has been targeted by hackers in the past and suffered significant losses knows that this investment is always worthwhile,” says Schöb.