Cyber resilience workshop in the heart of Switzerland

Recently, a groundbreaking workshop on cyber resilience took place in the innovative space "The Room" at Zibris AG, organized by the Cyber-Resilience Alliance. The event targeted individuals responsible for or deeply interested in cybersecurity, such as management, executive leadership, and board members. The goal was to demystify cybersecurity, break down barriers, and build awareness. GObugfree, as a member of the Cyber-Resilience Alliance, was actively involved.

Demystifying cybersecurity

Roman Hüssy, Co-Director of GovCERT at the Federal Office for Cyber Security, BACS, opened the workshop with insightful remarks: “Cybersecurity is not rocket science. With relatively few measures, a majority of cyber attacks can be minimized.” He emphasized the importance of Multi-Factor Authentication, Patch and Lifecycle Management, and secure backups, reminding everyone that these measures must be consistently implemented both internally and with suppliers.

Roman Hüssy, BACS

In the eye of the cyber storm: Live ransomware demo

Alex Dosedla, Senior Security Consultant at Adnovum, captivated the audience with a live demonstration of LockBit ransomware. He impressively showed how the ransomware is prepared and activated and explained the ongoing race between security researchers and cybercriminals to identify and fix vulnerabilities.

Alex Dosedla, Adnovum

Michèle Hühne, Managing Director Switzerland at LUCY Security, took over and demonstrated how attackers gather detailed information about their targets using Open Source Intelligence (OSINT). She illustrated this by setting the perfect timing for an attack based on the collected data about Martin Fankhauser, a fictitious employee of Democorp.

Michael Schläpfer, Chief Security Officer at GObugfree, continued the simulation and demonstrated creating a deceptively real phishing email. He used a publicly available tool and AI to create an authentic-looking website for software verification and then sent out the phishing email with the correct sender and a link to the company's own domain.

Michael Schläpfer, GObugfree

The importance of a positive error culture and Business Continuity Management

Michael Schläpfer, acting as Martin Fankhauser from Democorp, opened the phishing email. After carefully verifying that the sender, the link, and the software to be downloaded seemed legitimate, he downloaded the ransomware. Michael commented, “The more complex and hierarchical the company, the more visible it is to cyber risks. An open approach to errors is crucial.” A good error culture helps employees report mistakes and thereby contributes to enhancing security.

Stefan Schelling, Senior Consultant IT Security & Data Protection at Adnovum, focused on Business Continuity Management. He explained that comprehensive planning and regular testing of emergency plans are essential to effectively manage crises and identify vulnerabilities early. “We only find out if we test it,” he emphasized, underlining the need for practical exercises.

Stefan Schelling, Adnovum

Unyielding against ransomware: The art of backups

Thomas Reeb from LUCY Security highlighted the critical aspects of cyber defense. “Those who pay ransom always lose,” he warned. He clarified that backups are not just a necessity but the ultimate barricade against data loss – they secure the vital veins of corporate data.

Crisis management and legal vigilance

Tobias Baum, Senior Sales Engineer at Rubrik, emphasized the importance of an effective cyber recovery strategy. He outlined three key points: the need for guaranteed recoverability with regular backup tests, the rapid identification and cleaning of affected data to ensure no malware is restored, and the necessity for a central view of all data, regardless of whether it is stored on-premises, in the cloud, or in SaaS. These strategies are crucial for ensuring security across various platforms.

Hannes Meyle, Associate at Walder Wyss, delved into reporting obligations and the importance of data classification. He explained the different types of data that need protection, from personal data to particularly sensitive data. He noted that GDPR breaches must be reported within 72 hours, while other incidents should be reported as quickly as possible. This highlights the need for clear role assignments and prepared response plans so that organizations can act proactively.

Dario Walder, ISSS

Tools and support for SMEs

Dario Walder from the Information Security Society Switzerland (ISSS) emphasised that SMEs face similar challenges to large companies, but with significantly fewer resources. He presented Cybernavi, a free tool specifically designed to support SMEs in their cyber security strategy and minimise complexity.

Stefan Dydak from Adnovum cited clear and transparent communication as the key to crisis management. He said it is important to be proactive: those affected are victims and should not feel guilty. The ISSS Courage Award, which recognises companies for their openness in dealing with cyber attacks, was cited as an example.

Giuseppe Pizzol, Allianz

Reflecting on the afternoon

Giuseppe Pizzol from Allianz summarized the afternoon and emphasized that according to the Allianz Risk Barometer 2024, cyber attacks are the top corporate risk. He highlighted the importance of practicing for emergency situations: “In a crisis, even routine processes are at risk. It's not just about IT skills, but involving everyone.”

The evening wound down with an apéro riche, providing a casual setting where participants continued their discussions. This relaxed atmosphere allowed everyone to engage further, discussing the day's insights and exchanging thoughts in a more personal context.

Thanks to all members of the Cyber Resilience Alliance: Adnovum, Allianz, cybernavi, GObugfree, ISSS, LUCY, Rubrik, Walder Wyss, Zibris.