Data theft, system failures, the loss of work progress and reputational damage: cybercrime is one of the biggest risks for companies today. The days when it was mainly large corporations and private individuals who were hacked are over. Swiss fiduciary companies can also fall victim to cyber attacks. In this blog post, we summarise which cyber threats are currently lurking.
Cyber attacks and the associated data losses cost billions of dollars worldwide every year. Large organisations in particular repeatedly cause negative headlines and uncertainty with their lack of data protection precautions and inadequate responses to cyber attacks. One of the best-known examples from Switzerland is the Geneva-based International Committee of the Red Cross, which fell victim to a large-scale hacker attack in January 2022. The hackers allegedly compromised personal data and confidential information of more than 515,000 vulnerable people.
Smaller companies are also increasingly at risk
However, it is by no means only large corporations and well-known organisations that are affected by cyber attacks. According to a blog post by the insurance company AXA, SMEs are increasingly being targeted by cyber criminals. This can have serious financial consequences: “The average damage for a medium-sized company in Switzerland amounts to around six million Swiss francs,” writes the consulting firm PwC about cyber attacks. If the IT infrastructure fails completely after an attack, it usually takes five to seven days until operations can be resumed, at least on a makeshift basis. In addition to these measurable damages, there is the threat of a loss of trust on the part of your customers and a loss of reputation.
Another trend is that the attackers are becoming more and more cunning. Instead of e-mails from alleged Nigerian princes, cyber criminals are now coming up with deceptively real-looking phishing traps, perfidious Trojans and sophisticated malware. In PwC’s CEO Survey 2022, 100 per cent of the CEOs surveyed in Switzerland said they were concerned about cyber threats. Find out below which cyber dangers are currently lurking.
These are currently the most common cyber-attack scams
Phishing is an attempt by cyber criminals to obtain valuable information through fake websites, emails and text messages. In many cases, the attackers are looking for information about access to online banking or credit card data. Among the best-known phishing attempts are e-mails claiming to come from your bank asking you for your e-banking password. Throughout Switzerland, thousands of people fall into the phishing trap every year, and the number of unreported cases is probably much higher.
Trojan is a generic term for malware variants that hackers use to smuggle mostly destructive or data-stealing malware onto a system. A Trojan is often disguised as a useful programme, for example by bearing the name of another programme or by actually having a helpful functionality in addition to its hidden function. One of the most common ways of spreading Trojans are seemingly harmless messages from senders – often with the same or similar names as your contacts – and e-mail attachments. As soon as you open the affected email and download the attachment, the Trojan service is installed and automatically runs every time you start the system.
Ransomware is a malicious programme that restricts or prevents access to data and systems. The attackers usually demand a ransom for the release, which has to be paid. According to the National Cyber Security Centre (NCSC), ransomware “can cause significant damage, especially if your backups are also affected.”
Extra tip: With smart trust software, in most cases you no longer have to worry about cyber security, backups and data protection yourself. All data is stored on a stable and secure platform to which only authorised employees have access. Experience in a free live demo how the Swiss fiduciary software Accounto simplifies data storage and backup for your fiduciary company.
Botnets are groups of automated malware running on networked computers that ultimately have access to local resources and data without the consent of the owners. The network of remotely controlled computers can, for example, send spam messages to your contacts, spread malware on your work devices or carry out DDoS attacks. DDoS stands for Distributed Denial of Service and DDoS attacks ensure that your systems or website are either only accessible to a limited extent or not at all. Protection against botnets and DDoS is complex and especially smaller companies with limited financial resources for cyber security often reach their limits.
Fileless attacks are a subset of so-called “living-off-the-land” (LotL) attacks and have been observed more frequently in recent years and months. Fileless attacks use tools and functions that are already present in the victim’s environment. They do not rely on file-based usage data and in most cases do not generate new files on the affected devices and systems. This is why fileless attacks can sometimes fly under the radar of commercially available prevention and detection solutions. Typically, a fileless attack begins with an emailed link to an insecure website. Social engineering tricks on that website can launch system tools that retrieve and execute additional usage data directly in system memory. Distinguishing between the malicious use of integrated system tools as opposed to their many legitimate automation and scripting uses is not infrequently a huge challenge for traditional security solutions. The use of system tools as backdoors has been around for decades, but according to security experts, they are currently in an upward trend.
What can fiduciary companies do against cyber attacks?
As cyber criminals continue to evolve their attack strategies, fiduciary companies must adapt their approaches to cyber security and data protection as well. The basic version of standard anti-virus software is often no longer sufficient to defend against today’s cyber threats. Therefore, protect all of your trust’s workloads, data and applications across multiple domains. It is also important that you sensitise your employees to the topic of cyber security. Sometimes cyber criminals do not identify security gaps in applications, but in processes or in the behaviour of employees.
In the next blog post, you will find practical tips on how to protect your fiduciary company from the numerous and increasingly sophisticated cyber attacks.
