Cyber Incident Hub – A Powerful Response To Cyber Attacks

Die drei führenden Beratungsunternehmen MLL MeyerLustenberger Lachenal Froriep (MLL), Farner Consulting, Oneconsult und das Startup CYBERA lancierten am XBorder Anlass des Handelsverbandes zum Thema «Trends im E-Commerce» vom 25. August 2021 den ersten interdisziplinären «Cyber Incident Response Hub» der Schweiz. Die Dienstleistungspalette umfasst relevanten Support gegen Cyberattacken. Dieser wird im Falle von Angriffen rund um die Uhr (24 Hours, 7 Days) durch die vier Unternehmen angeboten. Abgedeckt werden auf Cyber spezialisierte Rechtsberatung (MLL), Incident Response und Digitale Forensik (Reaktion auf und Untersuchung von Cyberattacken) (Oneconsult), Krisenkommunikation und Reputation Management (Farner) sowie internationale Reaktion bei betrügerisch entwendeten Geldern (CYBERA). Dieses schweizweit einzigartige Angebot begegnet in Zeiten des digitalen Wandels einer stark zunehmenden Bedrohung von Firmen durch Cyberattacken, Datenkorruption, Fraud und Erpressung. Zielkunden sind neben (Cyber-) Versicherern exponierte Firmen aller Art.

  Spectacular cyber attacks, such as the ones carried out recently on the tech giant Microsoft and the American company Kaseya, “enjoy” a huge amount of international attention – normally to the benefit of the attackers: their criminal business models appear to be indirectly endorsed and worthy of emulation, because these attacks all too often end up with the criminals getting away with a lot of money and no punishment. This is why the number of cybercrime incidents, and the amount of losses sustained, is rising steeply and markedly.

  Smaller businesses get caught out too But it is not just the big corporations that are being hit by the rising number of cyber attacks. That has been proven by the Stadler Rail and Comparis cases. A ZHAW study has also revealed that about one-third of all Swiss SMEs have already fallen victim to cyber attacks; and some 4 % of them have also been blackmailed. This means that already around 200,000 SMEs have been the victim of a cyber attack. That is a significant number, especially when considering that in various surveys, some 56 % of managing directors judge their IT security standards to be “good” or even “very good”. These findings reflect the scale of the threat facing businesses in this digital age. Thanks to their lack of awareness they may easily fall victim to cyber criminals. ICT Switzerland put out this warning in one of its studies: “The risk of falling victim to a cyber attack is not rated highly enough. The possibility of being unable to operate for a whole day or even to have their very livelihoods put at risk was viewed as a significant or major danger by only 10 % and 4 % of respondents respectively.” But at the same time, only 60 % of respondents confirmed that they had deployed in full such basic protection measures as malware protection, firewalls, patch management and backups. Systems to identify cyber incidents had only been fully implemented by one in every five businesses. Only 18 % of the businesses surveyed said they had procedures in place to deal with cyber incidents; a mere 15 % said they ran training for employees on the safe use of IT.

  Sound advice is needed if it happens If a business falls victim to a cyber attack, it needs sound advice from a knowledgeable partner. A ransomware attack, for example, will be swiftly followed by a demand for ransom money, usually in a cryptocurrency so as to cover up tracks. Victims often remain uncertain, even after making the payment, whether they have indeed regained full access to the data that was encrypted by the attackers. They are left potentially with law suits, reputational damage, financial losses and uncertainty. Prevention, intervention and aftercare, along with sound advice, are called for here.

  360° package offers a promising solution This is the starting point for the services being offered by the four companies. Successful prevention together with the appropriate response to cyber security risks calls for interdisciplinary and cross-border collaboration. The skills of legal, technical, forensic and communications experts are all needed if companies are to be optimally prepared for attacks, able to ward them off successfully and deal with, or at least minimise, their consequences. The law firm MLL has built up a network of first-class, experienced partners, allowing it to offer a coordinated response to all types of cyber security problem. Their round-the-clock service ranges from drawing up a cyber security response plan and analysing a company’s ability to deal with cyber risk, to dealing with security breaches, data loss and the investigation of cyber attacks in a legally correct manner. Good communication in the event of an attack helps to restore any reputational damage quickly.

When all is said and done, being able at all times to ensure cyber and data security is essential for companies today if they are to meet their legal obligations in respect of compliance and good governance.

  Any loss of data, and the response to it, immediately gives rise to liability and accountability risk. Responding in the right way, even under the pressure of events, helps to reduce the risk of legal consequences.

Lukas Bühlmann, a partner at MLL

The sooner professional assistance is given, the smaller the risk that an organisation will sustain heavy losses because of a cyber attack. That is why it is important, if you are attacked, that you can call quickly on the services of an experienced, reliable and professional partner.

Tobias Ellenberger, COO of Oneconsult

Damage to, or theft of, sensitive customer data can lead very quickly to a public scandal. For the organisation involved, this can cause serious reputational damage. With the help of a good and experienced team providing professional crisis communication, reputational damage can be minimised.

Daniel Heller, partner at Farner Consulting

In order to block sums of money that have been fraudulently obtained by providing the information relevant under criminal law, and to secure those sums before they get laundered and are irrevocably lost, you need new solutions – and we offer them.

Nicola Staub, founder and CEO of CYBERA

The four partners together provide the optimal bundle of expertise to deal with cyber attacks, no matter what form they take. They offer: cyber-centred legal advice and data protection, cyber security, reaction to and defence against attacks, as well as digital forensics, reputation protection and crisis communication, protection against cyber fraud and 24/7 incident response.

Ihr Kontakt für
IT-Sicherheitnotfälle

Damit wir Ihnen bestmögliche Unterstützung bieten können, werden wir Sie zunächst um folgende Informationen bitten:

– Was und wer ist betroffen?

– Wie und wann wurde der Vorfall bemerkt?

– Wer hat den Vorfall entdeckt und gemeldet?

– Was bereitet Ihnen Sorgen im Zusammenhang mit dem Vorfall?

– Welche Massnahmen wurden bereits eingeleitet?

Your contact for
IT security emergencies

To be able to provide you with the best possible support, we would first like to ask you for the following information:

– What and who is affected?

– Who discovered and reported the incident

– How and when was the incident detected?

– What did you observe?

– What are you most concerned about?

– Which measures have been initiated so far?

Data Protection Policy – Cyber Incident Hub

1 Privacy
Cyber Incident Hub takes the protection of your privacy very seriously. Please read the following data protection regulations carefully.

2 Scope of application
Cyber Incident Hub collects, processes, stores, and protects the data of persons who access its website (data subjects). These data protection regulations apply to this website and all its applications and functions, such as chat, newsletters, events, etc.

3 Legal grounds
This Data Protection Policy is based on the Swiss Federal Act on Data Protection (FADP) and, to the extent applicable, the European General Data Protection Regulation (GDPR).

4 Name and address of the controller and its representative
The controller within the meaning of the data protection laws is:

Cyber Incident Hub
Löwenstrasse 2
8001 Zurich
Switzerland

Phone: +41 44 266 67 67
E-mail: info@cyber-incident-hub.ch

Responsibility for all legal data protection issues at Cyber Incident Hub is held by the controller: Daniel Heller, Partner & Co-Head Startup Desk at Farner Consulting AG.

Our EU data protection representative with respect to processing to which we as controller are subject under the GDPR is:

VSG Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Germany

E-mail: info@datenschutzpartner.eu

5 Use of information
In principle, it is possible to visit the Cyber Incident Hub website without providing any personal data. No conclusions about you are drawn when we evaluate non-personal data such as an IP address, browser used, date, time, etc.

Visitors to our website can also activate the “do not track” option so that only the process of logging in itself will be tracked.

Personal data will be collected and processed strictly in accordance with the applicable laws and regulations and then only with your explicit consent.

6 Disclosure of personal data
We treat your personal data confidentially and disclose them only if you have expressly consented to it, we are legally obligated or entitled to do so, or if this is necessary for the purpose of enforcing our rights, including the enforcement of claims under the contractual relationship. In addition, we disclose your personal data to third parties if this is necessary or expedient in connection with use of the website or possible provision of services that you requested.

We disclose your personal data to the following categories of recipients:

  • Business partners
  • Service providers
  • Service companies
  • Governmental authorities, to the extent this is required or necessary

In doing so, we of course comply with the legal requirements concerning the disclosure of personal data to third parties. If we make use of third parties to provide our services, we take appropriate legal precautions and corresponding technical and organisational measures in order to ensure the protection of our personal data in accordance with the relevant statutory requirements.

If the level of data protection in a country in which the data are processed is not in conformity with the applicable data protection provisions, we ensure by contract that the protection of your personal data corresponds at all times to that in Switzerland or the European Economic Area (EEA).

7 Contact options via the website
If you contact Cyber Incident Hub via our website, the personal data you submit will be saved automatically. This data which you submit on a voluntary basis will be used for processing purposes or for contacting you. Such data submitted on a voluntary basis are stored exclusively for the purposes of processing your enquiry or contacting you. Our legitimate interest consists of processing your contact enquiries. No personal data will be transferred to third parties.

The services of Intercom are used for making contact through our live chat. You can find further information at https://www.intercom.com/legal/privacy.

You may object to this data processing at any time. Please send your objection to info@cyber-incident-hub.ch. In such case, your data will be erased, and your enquiry will not be processed further, unless this is prevented by statutory retention obligations.

8 Function for commenting and debating
Our website has interactive forums such as chat, blog, message board and other platforms. You can leave individual comments on contributions from other visitors and debate certain topics. In turn, these comments can themselves be commented on by third parties.

If a data subject leaves a comment on an article or comment published on this website, the details about the time the comment was made and the name of the data subject (“real name obligation” under German law) will be saved and published in addition to this comment. The IP address assigned by the data subject’s internet service provider will also be logged. This IP address is saved for security reasons and in case a submitted comment infringes the rights of a third party or illegal content is posted. These personal data are therefore stored in our own interest so that we can provide proof if necessary in the event of a legal violation. None of this collected personal data is passed on to third parties unless the law requires it to be or if it is used to defend the rights of the controllers.

If you would like to object to the processing of your personal data transmitted through the commenting and debating function, please send your objection to info@cyber-incident-hub.ch.

9 Routine erasure and blocking of personal data
Unless expressly indicated as part of this Data Protection Policy, Cyber Incident Hub processes and stores the personal data of data subjects only for the period of time necessary for achieving the storage purpose or where this was provided for by statutory requirements to which Cyber Incident Hub is subject.

If the storage purpose is not applicable, or if any storage period provided by law expires, the personal data is routinely blocked or erased in accordance with legal requirements.

10 Legal grounds for processing
No data will be processed unless there are legal grounds for doing so. The following are such grounds:

  • consent
  • the conclusion or performance of a contract or the enquiry of data subjects in advance thereof (pre-contract)
  • legal obligations
  • protection of a legitimate interest of Cyber Incident Hub or a third party
  • where applicable, vital interests

11 Rights of the data subject
a) Right of access to information

Every data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed and to free access to these data and further information and a copy of the data in accordance with statutory requirements.

b) Right to rectification
Every data subject has the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her and to have incomplete personal data completed.

c) Right to erasure (right to be forgotten)
Pursuant to statutory requirements, every data subject has the right to obtain the erasure of personal data concerning him or her without undue delay.

d) Right to restriction of processing
Pursuant to statutory requirements, every data subject has the right to obtain restriction of processing.

e) Right to data portability
Pursuant to statutory requirements, every data subject has the right to receive the personal data concerning him or her, which he or she has provided to Cyber Incident Hub, in a structured, commonly used and machine-readable format and to demand their transmission to another controller.

f) Right to object
Each person whose data is processed has the right to object at any time to the processing of personal data concerning him or her. This also applies to profiling based on these provisions.

Cyber Incident Hub can no longer process the personal data in the event of the objection, unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.

g) Automated individual decision-making, including profiling
Pursuant to statutory requirements, every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

h) Right to withdraw data protection consent
Every data subject has the right to withdraw his or her consent to the processing of personal data at any time with prospective effect. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

i) Right to lodge a complaint with a supervisory authority
Depending on the applicable data protection legislation, the data subject may have the right to lodge a complaint with a competent data protection authority.

Please be aware that there are exceptions to these rights. In particular, Cyber Incident Hub must in some cases process and store personal data of data subjects in order to perform a contract with you, safeguard its own vital interests, such as the assertion, exercise or defence of legal claims, or comply with statutory obligations. To the extent legally permissible, Cyber Incident Hub may therefore also refuse your demands relating to data protection or meet them to only a limited extent.

In the event of questions in connection with the data protection practised by Cyber Incident Hub and for information with respect to the rights of data subjects and for asserting them, the data subject can get in touch with Cyber Incident Hub at any time using the contact details listed at the start of this Data Protection Policy. If necessary, Cyber Incident Hub reserves the ability to request the identification of data subjects for the processing of enquiries in a suitable manner.

12 Links to other websites
The Cyber Incident Hub website links to other websites that are not operated by Cyber Incident Hub and are not covered by this Data Protection Policy. After clicking on the link, Cyber Incident Hub no longer has any influence over the processing of any data transferred to third parties (such as the IP address), since the conduct of third parties is naturally outside of our control. Therefore, Cyber Incident Hub also cannot assume any liability for this outside content. The respective provider or operator of the sites is always responsible for the content of the linked sites.

The linked sites were examined at the time the links were created for possible legal violations and discernible infringements of the law. No unlawful content was discernible at the time the links were created. However, absent specific indications of a legal violation, permanent control and review of content cannot be reasonably expected. If we become aware of legal violations, such links will be promptly removed.

13 Collection, processing and use of personal data
13.1 Personal data
Personal data is information about the factual or personal circumstances of an identified or identifiable natural person. This includes, for example, your name and your email address.

13.2 Use of your data for marketing purposes
Besides using your data for sending out newsletters, we may also use your information to display personalised advertising to you.

You can object at any time to the use of your personal data for marketing purposes. Please send your objection to info@cyber-incident-hub.ch.

13.2.1 Newsletter
If you subscribe to our newsletter, the personal data you transmit will be stored for the purpose of sending you the newsletter. The newsletter provides you with information about us and our offers.

If you would like to subscribe to our newsletter, the (self-declared) details marked with a * are required.

We use the double opt-in procedure for sending the newsletter. This means that we will first send you a newsletter by email after you have expressly confirmed that you consent to the sending of the newsletter. We will then send you a notification email and ask you to confirm that you wish to receive our newsletter by clicking on a link contained in this email. If at a later stage you decide you do not want to receive any newsletters from us, you can unsubscribe at any time. An unsubscribe link can be found in each newsletter sent out. Alternatively, you can send your withdrawal to the following email address: info@logicare.ch.

13.2.2 Service recommendations by email
As a customer of Cyber Incident Hub, you will receive product or service recommendations from us by email from time to time. You will receive these recommendations from us regardless of whether or not you have subscribed to a newsletter. This is because we want to provide you with information about products from our range that you might be interested in based on the last services you have used. In doing so we act strictly in accordance with legal requirements. If you no longer wish to receive product recommendations or any marketing messages from us, you can object at any time, without incurring a fee except the dispatch costs as set out in the basic tariffs. In that case please send an email to info@cyber-incident-hub.ch. You can also of course find an unsubscribe link in every email.

13.2.3 Personalised advertising for you
The information we receive from you helps us to continually improve your service experience and structure it in a customer-friendly manner that is personalised for you. The information you have submitted and automatically generated will be used to personalise advertising for you and your interests. For this purpose we use existing information, such as delivery and read receipts of emails, information on a computer and connection to the internet, operating system and platform, your service history, the date and time of a visit to the homepage, articles, topics and content you have viewed.

We use this information exclusively in pseudonymised form. By analysing and evaluating this information, we are able to improve our web pages and our internet offering, and send you personalised advertising. This is advertising that recommends services that you might actually be interested in. Our goal is to make our advertising more useful and interesting for you. Therefore, the evaluation and analysis of the pseudonymised data collected from you helps us to avoid sending you random advertising but rather advertising, such as newsletters and service recommendations, that actually meet your areas of interest. For example, we will determine which of our promotional emails you open to avoid sending unnecessary emails to you.

If you do not wish to receive any personalised advertising, you can object at any time. Please send your objection to info@cyber-incident-hub.ch.

13.2.4 Competitions, market and opinion research
In the case of contests, we use your personal data that are necessary for holding the contest for the purpose of notifying winners and promoting our offers. In some cases, we may forward your personal data to our contest partners, e.g., in order to send you the prize. Participation in the contest and the associated data collection is of course voluntary. Detailed information can be found, where applicable, in our terms and conditions of participation for each contest.

In addition, we use your personal data for market and opinion research. We of course use them exclusively in anonymised form for statistical purposes and only for Cyber Incident Hub. You can find detailed information, where applicable, as part of the respective survey or at the location where you provide your data. Your responses to surveys will not be forwarded to third parties or published. Cyber Incident Hub uses and processes your personal data for market and opinion research solely for its own purposes.

You can object at any time to the use of data for contests and market and opinion research. Please send your objection to info@cyber-incident-hub.ch.

14 Cookies
This website uses cookies. Cookies are small text files that are stored permanently or temporarily when you visit this site. The main purpose of cookies is to analyse the use of this website for statistical evaluation and to make continuous improvements.

You can disable cookies completely or partially at any time in your browser settings. If you disable cookies, you will not be able to access all the functions of this website.

14.1 What are cookies?
Cookies are small files that are stored on your data carrier which hold certain settings and data for exchange with our system via your browser.

There are basically two different types of cookie: session cookies, which are deleted as soon as you close your browser, and temporary/permanent cookies, which are stored on your data carrier for a longer period or without limit. This type of storage helps us to design our web pages and our offers with you in mind and makes it easier for you to use these pages. For example, certain input from you can be stored so that you are not required to enter this repeatedly.

14.2 What types of cookies does Cyber Incident Hub use?
Most of the cookies we use are deleted again from your hard drive at the end of your browser session (i.e. session cookies). We also use cookies which remain on your hard drive. When you visit again we will automatically recognise that you have already visited us and what inputs and settings you prefer.

These temporary and permanent cookies (lifespan of 1 month to 10 years) will be stored on your hard drive and delete themselves after a specified period of time. These cookies are mainly used to make our range more user-friendly, effective and secure. Thanks to these files, it is possible, for example, to show you content on the page that is specially tailored to your interests.

The sole purpose of these cookies is to adapt our range to your wishes in the best possible way and to make it as easy and convenient as possible for you to surf on our site.

We use the following cookies:

PurposeToolProvider
NecessaryelementorWordPress
Necessarywp-wpml_current_languageWordPress
   
   
   
   

14.3 What data is stored in the cookies?
Only pseudonymous data is stored in the cookies used by Cyber Incident Hub. The cookie is allocated an identification number when it is activated. Your personal data is not allocated to this identification number. Your name, your IP address and other such data that might allow the cookie to be traced to you directly are not placed in the cookie. We receive only pseudonymised information on the basis of the cookie technology, relating, for example, to which of our pages have been visited, what services, articles or cases have been viewed, etc.

14.4 What is onsite targeting?
The Cyber Incident Hub website uses cookie technology to collect data to optimise our advertising and entire online offering. This data is not used to identify you personally, but only to conduct a pseudonymous evaluation of how the homepage is used. Your data will at no time be combined with the personal data stored with us.

With this technology we can provide you with advertising and/or special offers and services whose content is based on the connection with the information obtained in the clickstream analysis (for example, advertising based exclusively on the content viewed in the past few days on topics such as digital marketing or media relations).

Our objective here is to make our online range as attractive for you as possible and show you advertising which corresponds to your areas of interest.

14.5 Are third party cookies also used?
Cyber Incident Hub uses some advertising partners that help make the internet offering and our website more interesting for you. Therefore, when visiting the website, cookies of partner companies are stored on your hard drive. These are temporary/permanent cookies that are automatically deleted after a specified period of time. These temporary and permanent cookies (lifespan of 14 days to 10 years) will be stored on your hard drive and delete themselves after a specified period of time.

The cookies of our partner companies only contain pseudonyms, mostly anonymous data. This is, for example, data about what products you have viewed, if something was purchased, what products you looked for, etc. Some of our advertising partners record information via the web pages about which pages you have visited before or which products you are interested in for example in order to show you advertising best suited to your interests.

This pseudonymous data is not combined with your personal data at any time. It is only used to allow our advertising partners to show you advertising you might actually be interested in.

14.6 Re-targeting
Our web pages use re-targeting technology. We use these technologies to make our internet offering more interesting for you. This technology makes it possible to target internet users who have already shown they are interested in our website and in our offers shown there with advertising on the websites of our partners.

We believe that personalised, interest-based advertising is generally more interesting to internet users than advertising with no such personal reference. Such advertising is displayed on the pages of our partners based on cookie technology and an analysis of previous usage behaviour. This form of advertising is completely pseudonymous. No usage profiles are combined with your personal data.

The basis for processing your personal data with the aid of cookies depends on whether we ask you for consent. If we ask you for consent and you consent to the use of cookies, the basis for the processing of your data is your consent. If we do not obtain consent from you, we process the personal data processed with the aid of cookies on the basis of our legitimate interests (e.g. in the analysis and optimisation of our services and offers) or, if the use of cookies is necessary, in order to fulfil our contractual obligations.

14.7 How can you prevent cookies from being stored?
In your browser, you can specify that cookies can only be stored with your consent. If you only want to accept Cyber Incident Hub cookies and not the cookies from our service providers and partners, you can change the settings in your browser to block third-party cookies.

The help function in the menu bar of your web browser will usually show you how you can reject new cookies and deactivate those already received. Alternatively, you can visit https://www.aboutcookies.org. There you will find step-by-step instructions about how you can monitor and delete cookies in most browsers.

If using a shared computer set up to accept cookies and flash cookies, we recommend that you always log off completely when ending your session.

15 Log files
Each time you access Cyber Incident Hub’s web pages, usage data is transmitted by the respective internet browser and stored in server log files. The stored data records contain the following data: the date and time of access, the name of the page accessed, IP address, referrer URL (original URL from which you arrived at the web pages), the amount of data transferred, and the product and version information of the browser used.

The IP addresses of users are deleted or anonymised when you end your session on the website. When anonymising, IP addresses are modified so that the individual details about persons or factual circumstances can no longer be attributed to an identified or identifiable natural person or only if a significantly large amount of time, cost and labour is expended.

We evaluate these log file data records in an anonymous form in order to further improve our offering and make it more user-friendly, to find and correct errors more quickly and to manage server capacity. For example, we can determine what times the Cyber Incident Hub website is especially popular and make the relevant data volume available to ensure you can make a purchase as quickly as possible. We can also identify and correct any errors on the Cyber Incident Hub website more quickly by analysing the log files. These purposes also constitute our legitimate interest in data processing.

16 Web analysis
This website uses various services for the purpose of website analysis and tracking, which we explain to you in more detail in the following. In addition, we show you how you can prevent these services from analysing your usage behaviour on our website. If we ask you for your consent to the use of third-party services, the legal basis for this form of data processing is your consent. If we do not obtain your consent, your personal data are processed on the basis of our legitimate interests (i.e., for optimisation and marketing purposes and the appropriate design of our website).

16.1 Google Remarketing
We use the Google Remarketing function to show you ads on Google Ads, Google Display Network and YouTube that are tailored to your interests based on your activities on our website via re-targeting. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage behaviour when visiting various websites. In this way, Google can determine your previous visit to our website. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used in remarketing.

According to its own statements, Google does not collect any personal data during this process. If you do not wish to use Google’s remarketing function, you can deactivate it by making the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can deactivate the use of cookies for Google. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

If you still do not wish to use Google’s remarketing function, you can deactivate it in principle by making the corresponding settings at https://adssettings.google.de. Alternatively, you can disable the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at https://optout.networkadvertising.org/?c=1.

Further information on Google Remarketing data protection can be found at https://policies.google.com/privacy?hl=de and https://services.google.com/sitestats/de.html.

16.2 Google Marketing Platform
We use the online marketing tool Google Marketing Platform (“GMP”) from Google. GMP uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once.

In addition, GMP can use cookie IDs to record so-called conversions, i.e. whether a user sees a GMP ad and later visits the advertiser’s website and makes a purchase there. According to Google, GMP cookies do not contain any personal information.

Your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this service. According to Google, the integration of GMP provides Google with the information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible for the provider to obtain and store your IP address. The use of GMP may also result in the transmission of personal data to Google servers in the USA.

You may refuse the use of cookies by selecting the appropriate settings on your browser, or by disabling Google’s interest-based advertising by clicking on the appropriate link on https://adssettings.google.com. Please note that in this case you may not be able to use the full functionality of this website.

Further information on the data protection of Google Marketing Platform can be found at https://marketingplatform.google.com/.

16.3 LinkedIn Pixel
We use the LinkedIn Pixel of the LinkedIn Corporation 1000 W. Maude Avenue Sunnyvale, CA 94085, USA, or if you are a resident of the European Economic Area (EEA) or Switzerland, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

In particular, the LinkedIn pixel allows us to track users’ actions after they have seen or clicked on a LinkedIn advertisement. This allows us to evaluate the effectiveness of LinkedIn ads for statistical and market research purposes and to optimise future advertising measures. The data collected in this way is anonymous for us, so it does not allow us to draw any conclusions about your identity. However, the data is stored and processed by LinkedIn, so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes, in accordance with the LinkedIn data protection policy: https://www.linkedin.com/legal/privacy-policy. This allows LinkedIn to enable the placement of advertisements on LinkedIn pages as well as outside of LinkedIn. We cannot influence this use of data.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings at the following link https://www.linkedin.com/psettings/advertising/actions-that-showed-interest. To do this, you must be logged in to LinkedIn. To do this, you must be logged in to LinkedIn.

If you are not a member of LinkedIn, you can object to the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative deactivation page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

16.4 Twitter Pixel
We use the Twitter Pixel of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, or if you have your habitual residence in the European Economic Area (EEA) or Switzerland, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (“Twit-ter”).

In particular, the Twitter pixel allows us to track users’ actions after they have seen or clicked on a Twitter ad. This allows us to evaluate the effectiveness of the Twitter ads for statistical and market research purposes and to optimise future advertising measures. The data collected in this way is anonymous for us, so it does not allow us to draw any conclusions about your identity. However, the data is stored and processed by Twitter so that a connection to the respective user profile is possible and Twitter can use the data for its own advertising purposes in accordance with the Twitter data protection policy: https://twitter.com/privacy. This enables Twitter to display advertisements on Twitter pages and outside of Facebook. We cannot influence this use of the data.

If you wish to object to the collection by the Twitter pixel, you can do so by making the appropriate settings at https://twitter.com/settings/account/personalization. You can change your data protection settings and consent for Twitter in the account settings at https://twitter.com/account/settings.

You can also deactivate (all) cookies that are used for range measurement and advertising purposes via the following link: https://www.aboutads.info/choices.

Please note that this setting will be deleted when you delete your cookies.

Further information on Twitter’s data protection can be found at: https://twitter.com/de/privacy.

17 Google Maps
This website uses the Google Maps service provided by Google LLC (“Google”). This enables us to show you interactive maps directly on the website and allows you to use the map function conveniently. By using Google Maps, information about your use of our website (including your IP address) may be transmitted to a Google server in the USA and stored there. Google may store this data as usage profiles for the purpose of tailoring its services, advertising and market research. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish this, you must log out beforehand. If you do not agree to the processing of your data, you have the option of deactivating the Google Maps service and thus preventing the transfer of data to Google. To do this, you must deactivate the Java Script function in your browser. However, we would like to point out that in this case you will not be able to use Google Maps or only to a limited extent.

You can find further information on the data protection of Google Maps at http://www.google.com/intl/de_de/help/terms_maps.html or at https://policies.google.com/privacy.

18 Social plugins
Our website uses social plugins (“plugins”) from various social networks. With the help of these plugins you can, for example, share content or recommend products. The plugins are activated by default on cyber-incident-hub.ch.

The content of the plugin is transmitted directly to your browser by the social network and integrated into the website by it. By integrating the plugins, the social network receives the information that you have accessed the corresponding page of our website. If you are logged in to the social network, it can assign the visit to your account. If you interact with the plugins, for example by clicking the Facebook “Like” button or posting a comment, the corresponding information is transmitted directly from your browser to the social network and stored there.

Even if you are not logged in to the social networks, data can be sent to the networks by websites with active social plugins. An active plugin sets a cookie with an identifier every time the web page is called up. Since your browser sends this cookie with every connection to a network server without being asked, the network could in principle use it to create a profile of which web pages the user belonging to the identifier has called up. If necessary, it would then be possible to assign this identifier to a person again later – for example, when logging on to the social network later.

If you do not want social networks to collect data about you via active plug-ins, you can select the function “Block third-party cookies” in your browser settings; your browser will then not send any cookies to the respective server of the social network. However, with this setting, in addition to the plugins, other cross-page functions of other providers may also no longer function.

For more information on the purpose and scope of data collection and the further processing and use of your personal data, please refer to the data protection notices of the respective networks. There you will also find further information on your rights in this regard and setting options for protecting your privacy as well as your right to object to the creation of user profiles: We currently use the following plugins of the following social networks on our website:

18.1 Facebook
We use plugins from the social network facebook.com, which is operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, or if you have your habitual residence in the European Economic Area (EEA) or Switzerland, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Har-bour, Dublin 2, Ireland (“Facebook”). The link to Facebook’s privacy policy can be found here: Facebook privacy policy.

18.2 Twitter
We use plugins from the social network Twitter, which is operated by Twitter Inc., 1355 Market Street, Sui-te 900, San Francisco, CA 94103, USA or, if you are a resident of the European Economic Area (EEA) or Switzerland, Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland (“Twitter”). The link to Twitter’s privacy policy can be found here: Twitter Privacy Notice.

18.3 LinkedIn
We use plugins of the social network LinkedIn, which is operated by LinkedIn Corporation 1000 W. Maude Avenue Sunnyvale, CA 94085, USA, or if you have your habitual residence in the European Economic Area (EEA) or Switzerland, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). You can find the link to LinkedIn’s privacy policy here: LinkedIn data protection notice.

18.4 Intercom
We use the chat solution of Intercom, which is operated by Intercom Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA (“Intercom”). The link to Intercom’s privacy policy can be found here: Privacy Notice of Intercom.

18.5 Instagram
We use plugins of the social network Instagram, which is operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, or, if you have your habitual residence in the European Economic Area (EEA) or Switzerland, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Har-bour, Dublin 2, Ireland (“Facebook”). You can find the link to Instagram’s privacy policy here: Privacy Policy of Instagram.

18.6 YouTube
We use plugins from YouTube, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your habitual residence in the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). You can find the link to Google’s privacy policy here: Google Privacy Notice.

19 Version
Version 07.02.2022. Subject to change or adaptation at any time.

© 2021 Cyber Incident Hub

Imprint & contact details - Cyber Incident Hub

Responsible for this website:

Cyber Incident Hub
represented by:
Farner Consulting AG
Dr. Daniel Heller

Address
Löwenstrasse 2
8001 Zurich
Switzerland

Phone: +41 44 266 67 67
E-mail: info@cyber-incident-hub.ch
Web: www.cyber-incident-hub.ch

UID number: CHE-105.833.189

You can find out what data is processed when you visit our website in our privacy policy. Please also note the terms of use of this website.

Terms of use – Cyber Incident Hub

Copyright
Unless indicated otherwise, the copyright for all content on this website is held by Cyber Incident Hub or one of its contracting partners. It is prohibited to use the content (especially images and graphics) without obtaining prior permission from Cyber Incident Hub.

User Rights and Obligations
Users of this website have the option of starting a dialogue with Cyber Incident Hub via the chat function. The corresponding posts/questions are published on the Cyber Incident Hub website together with the comments/answers. You must provide your email address or Twitter username to be able to use the chat function. Cyber Incident Hub reserves the right to delete and/or not respond to indecent or illegal posts/questions.

Disclaimer
All texts and links have been checked carefully and are continually updated. We endeavour to provide correct and complete information on this website, but we do not assume responsibility, liability or make any warranty whatsoever that the information supplied through this website is correct, complete, or up to date. All liability is excluded for damages of any nature that are incurred in connection with accessing, using, or retrieving the website or information contained on it. We reserve the right to alter information on this website at any time and without prior notice, and we are under no obligation to update the information contained on it. All links to external providers were checked for accuracy at the time of their inclusion; we are nevertheless not liable for the content and availability of any websites reached via hyperlinks. Such websites are accessed and used at one’s own risk. The provider of the website to which the link was made is solely responsible for illegal, incorrect, or incomplete content, and especially for damages arising from the content of linked pages. This applies irrespective of whether the damage is direct, indirect, or financial in nature, or whether it is some other kind of damage that could occur as a result of data loss, loss of use, or any other reason.

Severability clause
If individual provisions of these Terms of Use should be or become ineffective, this does not affect the content and validity of the remaining provisions, and the ineffective provision is to be replaced by an effective provision that most closely approximates the purpose of the ineffective provision.

Governing Law, Jurisdiction
These Terms of Use are governed exclusively by Swiss law. The exclusive jurisdiction is Zurich.

Version 07.02.2022. The right to change or adapt the content at any time is expressly reserved.

© 2021 Cyber Incident Hub