21st September 2023 • Courtyard by Marriott Zurich North, Zurich
Switzerland under attack
It’s been a year of intense cyber bombardment. Is Switzerland doing enough to fight back?
In June, a pro-Russian hacking group took down several major websites, including key government sites such as parliament and the federal administration sites, as well as the one for Geneva Airport.
The country’s National Cyber Security Centre (NCSC) described the intensity of the DDoS attack as "exceptionally high" and warned some government websites could remain inaccessible. The attack coincided with preparations by the Swiss parliament for a video address by Ukrainian President Volodymyr Zelenskiy and with Switzerland's adoption of a EU sanctions package against Russia.
These were just the latest in an accelerating burst of attacks in the country. Earlier, hackers published data from the Federal Office of Police (Fedpol) and the Federal Office for Customs and Border Security (FOCBS) on the Darknet, after exploiting a vulnerability on the servers of the company that hosted it. Cantonal police and the army were also indirect victims of the cyberattack. The attack highlighted the vulnerability of IT service providers and those who rely on them.
In fact, in May figures revealed by the National Centre for Cyber Security have shown that cybercrime incidents in Switzerland are rising sharply. With more than 13,000 cyberattacks already than reported since the beginning of 2023, more attacks have been reported in just a few months than in all of 2020. And while most attacks are on private individuals, it is the targeting of larger businesses and critical infrastructure which should worry both government and private sector bosses.
As well as the attacks mentioned, victims this year have included Swiss public transport provider Swiss Federal Railways (SBB) and sewing machine manufacturer Bernina, and the NZZ and CH Media group. Hackers have also recently published data from the Education Department in Basel and the municipality of Saxon in Canton Valais. Other victims include defence contractor RUAG and the International Committee of the Red Cross (ICRC).
These attacks have exposed weaknesses in Switzerland’s cybersecurity readiness. One security solution provider recently reported that it had found 106,000 security holes among 3.5 million servers in Switzerland. It rated 50,000 weak points as extremely serious.
From the start of next year, Switzerland’s National Cyber Security Centre (NCSC) will become a new federal office, reporting to the defence minister, and its budget will rise from CHF13.7 million to CHF14.5 million ($16.2 million). However, few believe this is enough to keep up with the rate of growth in attacks.
In the private sector, just over half of Swiss firms told a survey that they plan to boost their cyber security budgets for 2023, as they expect a rise in ransomware and other attacks next year. That said, globally 65% of firms say that their budgets will rise and the willingness of Swiss firms to release sensitive information about hacks was lower than the global average.
So, what should Switzerland’s public and private sector be doing next to counter these growing threats? How can firms build resilience quickly? Can third-party vulnerabilities be defended? And what about new AI-based challenges?