1st Annual e-Crime & Cybersecurity Congress Switzerland

Securing critical business sectors

Finance, healthcare, infrastructure and local government are all key targets: are they doing enough?

Taking cybersecurity seriously

Switzerland, arguably, came late to cybersecurity. It was only in 2019 that the Federal Council created the NCSC, which is part of the FDF General Secretariat. But more recently, the growing significance of cybersecurity to the country and core sectors such as finance has become clear. This year, the Federal Council is looking to reinforce and restructure the NCSC and turn it into a Federal Cybersecurity Office.

In addition, the government has just announced the establishment of a financial sector cybersecurity association, aimed at increasing the cyber resilience of the country’s financial sector. A new Swiss Financial Sector Cybersecurity Centre (Swiss FS-CSC) has been established in Zurich, which is open to all banks, insurance companies, and other entities that are registered in Switzerland and authorized by The Swiss Financial market supervisory authority (Finma).

The aim is to increase the cyber-resilience of the Swiss financial centre by facilitating the exchange of information between financial market players and improving cooperation on sector-wide preventive measures and systemic crisis management. The more than 80 founding members include associations, banks, and insurance companies.

The drivers of these changes are clear: Switzerland is increasingly a target for cyberattacks. In February Swissport, the world’s largest airport ground services and cargo handling company, was targeted by  ransomware.

In January, the Geneva-based International Committee of the Red Cross said its services had  been compromised by a hack. Swiss municipalities have also been hacked, including the towns of Montreux and Rolle. And a hacker recently gained access to thousands of commuter details in the Swiss Railways system. The NCSC’s latest report details thousands of incidents and focuses on supply chain attacks – the websites of the city and canton of St Gallen were unavailable for a prolonged period due to a DDoS attack on a hosting provider.

So how can vendors, governments and CISOs work together to build a better model for cybersecurity? In the US a new cybersecurity act for the healthcare sector has been proposed; resilience is the key buzzword in finance, and regulators want to force companies to put CISOs on their boards. In Europe, DORA and other regulatory updates are increasing mandatory security measures. And new technologies and cybersecurity architectures are being developed to try to keep up with the hackers, at the same time as the market moves to digital assets and the metaverse. But is this enough?