{"id":7638,"date":"2022-09-28T00:00:00","date_gmt":"2022-09-27T22:00:00","guid":{"rendered":"https:\/\/www.loyco.ch\/actualites\/cyber-news-raising-awareness-to-prevent-cyberattacks\/"},"modified":"2024-07-30T15:18:42","modified_gmt":"2024-07-30T13:18:42","slug":"cyber-news-raising-awareness-to-prevent-cyberattacks","status":"publish","type":"post","link":"https:\/\/www.loyco.ch\/en\/actualites\/cyber-news-raising-awareness-to-prevent-cyberattacks\/","title":{"rendered":"Cybernews: raising awareness to prevent cyberattacks"},"content":{"rendered":"

Following the launch of the Cyber Risk Clinic last May, we’re giving the floor to several cyber experts who are active in this new structure.
\nIn this series of “cyber news”, they decipher for you the issues linked to these particular risks, and share concrete cases of cyber-attacks encountered in their professional practice. <\/strong> For the second episode in our series on cyber risks, we put 3 questions to Bertrand Fournier<\/a>, CEO of Silicom Group SA<\/a>, partner of the Cyber Risk Clinic. Employee training is the last line of defence when technology has failed to stop certain attacks. <\/p>\n

Is there a specific type of customer who calls on your services for cyber security issues?<\/strong><\/h2>\n

The customers who call on our Services are, unfortunately and all too often, those who have already been affected by an attack.
\nThey range from small companies with 2 employees to companies with several dozen employees, who already have specific training needs.
\nIn short, it’s fair to say that everyone is affected by the issue, but it still<\/strong> seems a long way from the concrete priorities<\/strong> that COVID and rising energy costs in particular may have been.
\nCompanies are not yet sufficiently aware of the value that stored data can have when cross-referenced with other sources. <\/p>\n

What are the latest attacks and what is their financial impact?<\/strong><\/h2>\n

The two types of attack for which we currently help and support the most customers are: <\/p>\n

    \n
  1. Phishing<\/strong>: a method designed to steal login information and embezzle money by pretending to be an organization, customer or supplier you know.<\/li>\n
  2. System encryption by malicious software<\/strong> (malware): an attack that encrypts files on computers, then demands a ransom in exchange for the decryption key.<\/li>\n<\/ol>\n

    In the first case, the financial consequences can range from the simple embezzlement of funds by bank transfer to the implementation of more complex systems, linked to the so-called “man-in-the-middle” technique, which in some cases has enabled the embezzlement of several tens of thousands of francs, as demonstrated in the case study below. <\/p>\n

    How can we prevent these cyberattacks?<\/strong><\/h2>\n

    The most important thing is to avoid the “onset” of the attack, by keeping your systems up to date and protecting your network and data with all the best practices available.
    \nThese can range from technical solutions that eliminate the most common fraudulent behaviors, to more complex systems of attack detection and 24\/7 active monitoring. The last of the defenses that can benefit the user is training<\/strong>.
    \nThat’s why Silicom Academy invests a great deal of time in building staff awareness courses, making them the last line of defence when technology fails to stop certain attacks. <\/p>\n

    Cyber attack case study<\/strong><\/h2>\n

    A company spied on by a hacker for months at a cost of CHF 60,000.<\/strong><\/h3>\n

    A hacker managed to break into the systems of a company with around 30 employees, operating in Switzerland and internationally with European Suppliers, which did not use two-factor authentication.
    \nHe hacked into and observed Outlook e-mail exchanges over a period of 3 months.
    \nIncoming and outgoing e-mails were intercepted by passing through a sub-folder, then rewritten to give the interlocutors confidence.
    \nHere’s a     diagram of the attack<\/a> below.
    \nAfter months of work and observation, the hacker intercepts an invoice issued by a well-known Spanish Supplier, using the pretext of an IBAN change to a new Swiss account at UBS.
    \nThe payment, amounting to over CHF 60,000, is validated by the company’s fiduciary Services and two other persons authorized to validate and make payments internally.
    \nThe money was transferred by the company to an account, which was closed immediately after the transaction, in return for a loss of CHF 60,000 with no cyber cover.
    \nFollowing this, the customer lodged a complaint, which unfortunately had no impact other than to feed the statistics and protect those who had no insurance. <\/p>\n

    \"Case<\/a><\/h4>\n

    What could have been done to avoid these dramatic developments?<\/strong><\/h4>\n