Cybercrime prevention

Using swarm intelligence against hackers

The criminal threat on the net is growing. Surrender is not an option. On the contrary: the more organisations recognise the risks, invest in security and coordinate their responses, the better their chances of achieving enduring protection.

Text: Robert Wildi, first published in the NZZ supplement of 7.11.2019, Image: Adobe Stock,

The downsides of rapid digital advances are well known: criminals are also hard at it, shamelessly exploiting the latest technology and playing the keyboard of disruptive possibilities with as much virtuosity as the cleverest programmers from leading technology companies. The result? An exponential race to see who can bend and break the most. Ever newer interlocks for increasingly efficient IT systems on the one hand; on the other, a continuous quest for the tiniest gaps through which systems can be infiltrated.


It is no use minimising the harm: "The risks are growing all the time," says Marco Wyrsch who, as Security Officer at Swisscom Business Customers, is the man in charge of combating cybercrime at the ICT provider. Internet criminals' current preferred means of attack are malware and targeted ransomware trojans. The methods they use vary: recent years have seen hackers repeatedly use ransomware to paralyse organisations' entire computer systems. Attacks like this can result in production losses that quickly run into the millions. "Organisations often have to contend with blackmail: they're forced to pay big sums in order to regain control over their data."

From protection to prevention

Alongside visible attacks, hackers are increasingly sneaking into the virtual nerve centres of organisations and even state apparatuses. Unnoticed, they introduce their malicious software into the victims' systems, sometimes managing to access important data for months or even years. The theft of intellectual property mainly occurs in the realm of industrial espionage and can result in the thieves applying for patents for the innovations they have stolen. "While prevention provides effective safeguards against the malevolent encryption of data and accompanying blackmail, technological hardware is needed to detect data theft," says Wyrsch.

"Many companies feel powerless in the face of attacks and blackmail."

Marco Wyrsch, Swisscom

For Wyrsch, the rapid development of digital technologies is not the only aspect driving the growth of online criminality: "You have to bear in mind that cybercrime is one of the most attractive and lucrative forms of illegality because the perpetrators not only remain concealed, but are able to scale up their activities at will.


Businesses need to quickly change how they think in order to counter the danger effectively. "Many companies, feeling powerless in the face of attacks and blackmail, are debating whether to make financial provisions or obtain expensive insurance in case they have to make a claim," an attitude that Wyrsch condemns as short-sighted. Technological progress is such that inadequately protected companies can fall victim time and time again: "The only solution is to radically change strategy from protection to active prevention through targeted investment."

Healthy mix needed

Although organisations talk about taking the requisite steps, all too often too little is still being done, observes Cyrill Peter, Head of Enterprise Security Services at Swisscom Business Customers: more often than not, the lack of (or unbudgeted) funds – a particular problem for SMEs – means that the idea that organisations should develop and maintain their own digital high-security approach is neither realistic nor affordable. According to Peter, a viable alternative is targeted outsourcing to an external partner with the requisite know-how and capacities.

"Our aim is to achieve a steep learning curve in the race between 'good' and 'evil'."

Cyrill Peter, Swisscom

Swisscom's round-the-clock Security Operations Centre in Zurich's Binz district offers business customers a range of cybercrime prevention services. "We're currently experiencing increased demand for detection-related services, i.e. the detection of attacks that have already occurred," observes Marco Wyrsch. Swisscom's experts recommend a healthy mix of prevention, detection and response measures: "This combination has long been the basis in healthcare; digital security needs to do the same thing, and quickly."


Swisscom experts Marco Wyrsch (right) and Cyrill Peter at the ICT provider's Security Operations Centre. (Image: Michele Limina)

Organisations need to redouble their efforts, especially as the hacker scene is not asleep: "Our aim is to achieve a steep learning curve with our customers in this non-stop race between 'good' and 'evil'," says Cyrill Peter. Swisscom's approach in this regard makes use of a kind of swarm intelligence, whereby every single security experience of the current cohort of 1000-plus business customers is gathered together and immediately made available to all the others. "This know-how boosts significantly the learning ability of our systems and security analysts, something that ultimately benefits each individual customer.

WEF: cyber risks are urgent

The two Swisscom experts believe that if businesses manage to sensitise themselves to the issue of cybercrime and organise themselves as fast-learning "security communities", the battle against the digital underworld can be won in the long term. "The fact that every application has hacker-friendly vulnerabilities remains a problem going forward," says Wyrsch. He thinks the coming years will see companies, especially in the manufacturing sector, continue to suffer losses running into the millions: "At some point, though, the level of suffering is likely to be so high that huge investment will be made in online security."


Accordingly, more and more industries will regard protection against digital threats as a decisive competitive advantage. The World Economic Forum (WEF) recognised this urgency and put cyber risk at the top of its agenda at the beginning of the year. It is a logical consequence that telecoms and technology groups such as Swisscom are increasingly focusing their services and infrastructures on the prevention and detection of cybercrime. Demand is expected to increase exponentially in the near future. "We're ready to go 24/7," says Marco Wyrsch.

The commonest cyber risks

The Federal Reporting and Analysis Centre for Information Assurance (MELANI) identifies a large number of cyber threats to which companies are exposed:

  • (Cyber) espionage

    Vulnerabilities in the digital infrastructure – e.g. lack of internet encryption or weak passwords – are exploited by cyber criminals to access confidential information and prepare further attacks. This affects government agencies as well as businesses, whose know-how is stolen and misused.

  • Data flows

    Confidential information is stolen, then the attacker blackmails the victim by threatening to publish, copy or distribute it. It is hard to evaluate the veracity of the claim, which is why many companies affected in this way play safe by paying the extorted sum.

  • DDoS

    Distributed denial of service attacks are aimed at limiting the availability of an IT service such as a website or web shop and causing it to crash. These attacks can come with threats of blackmail. This tends to happen to IT services with limited resilience or no data traffic monitoring.

  • Social Engineering

    Psychological tricks are deployed to deceive users and lead them to reveal personal information. Social engineering exploits the weak point, i.e. the human being. Tricks include putting the target under time pressure, e.g. by exhorting them to "log in immediately or your account will be blocked".

  • Phishing

    A phishing attack tries to obtain the target's access data by assuming a false identity, e.g. that of the target's bank. If they get hold of the login details, the cybercriminals have access to the target's online bank account.

  • Malware

    Damaging malware is used in many cyber attacks. IT systems are manipulated and information obtained, altered or even deleted. An attack of this nature on a business can involve the loss of confidentiality, integrity and availability of the data.

  • Ransomware

    Here, encryption trojans encrypt the target's data, thus rendering it unusable. The cyber criminals demand money in return for unencrypting the data – which may or may not occur.

Hand with smartphone


Would you like to regularly receive interesting articles and whitepapers on current ICT topics?

Other readers were also interested in: