Die drei führenden Beratungsunternehmen MLL MeyerLustenberger Lachenal Froriep (MLL), Farner Consulting, Oneconsult und das Startup CYBERA lancierten am XBorder Anlass des Handelsverbandes zum Thema «Trends im E-Commerce» vom 25. August 2021 den ersten interdisziplinären «Cyber Incident Response Hub» der Schweiz. Die Dienstleistungspalette umfasst relevanten Support gegen Cyberattacken. Dieser wird im Falle von Angriffen rund um die Uhr (24 Hours, 7 Days) durch die vier Unternehmen angeboten. Abgedeckt werden auf Cyber spezialisierte Rechtsberatung (MLL), Incident Response und Digitale Forensik (Reaktion auf und Untersuchung von Cyberattacken) (Oneconsult), Krisenkommunikation und Reputation Management (Farner) sowie internationale Reaktion bei betrügerisch entwendeten Geldern (CYBERA). Dieses schweizweit einzigartige Angebot begegnet in Zeiten des digitalen Wandels einer stark zunehmenden Bedrohung von Firmen durch Cyberattacken, Datenkorruption, Fraud und Erpressung. Zielkunden sind neben (Cyber-) Versicherern exponierte Firmen aller Art.
Spectacular cyber attacks, such as the ones carried out recently on the tech giant Microsoft and the American company Kaseya, “enjoy” a huge amount of international attention – normally to the benefit of the attackers: their criminal business models appear to be indirectly endorsed and worthy of emulation, because these attacks all too often end up with the criminals getting away with a lot of money and no punishment. This is why the number of cybercrime incidents, and the amount of losses sustained, is rising steeply and markedly.
Smaller businesses get caught out too But it is not just the big corporations that are being hit by the rising number of cyber attacks. That has been proven by the Stadler Rail and Comparis cases. A ZHAW study has also revealed that about one-third of all Swiss SMEs have already fallen victim to cyber attacks; and some 4 % of them have also been blackmailed. This means that already around 200,000 SMEs have been the victim of a cyber attack. That is a significant number, especially when considering that in various surveys, some 56 % of managing directors judge their IT security standards to be “good” or even “very good”. These findings reflect the scale of the threat facing businesses in this digital age. Thanks to their lack of awareness they may easily fall victim to cyber criminals. ICT Switzerland put out this warning in one of its studies: “The risk of falling victim to a cyber attack is not rated highly enough. The possibility of being unable to operate for a whole day or even to have their very livelihoods put at risk was viewed as a significant or major danger by only 10 % and 4 % of respondents respectively.” But at the same time, only 60 % of respondents confirmed that they had deployed in full such basic protection measures as malware protection, firewalls, patch management and backups. Systems to identify cyber incidents had only been fully implemented by one in every five businesses. Only 18 % of the businesses surveyed said they had procedures in place to deal with cyber incidents; a mere 15 % said they ran training for employees on the safe use of IT.
Sound advice is needed if it happens If a business falls victim to a cyber attack, it needs sound advice from a knowledgeable partner. A ransomware attack, for example, will be swiftly followed by a demand for ransom money, usually in a cryptocurrency so as to cover up tracks. Victims often remain uncertain, even after making the payment, whether they have indeed regained full access to the data that was encrypted by the attackers. They are left potentially with law suits, reputational damage, financial losses and uncertainty. Prevention, intervention and aftercare, along with sound advice, are called for here.
360° package offers a promising solution This is the starting point for the services being offered by the four companies. Successful prevention together with the appropriate response to cyber security risks calls for interdisciplinary and cross-border collaboration. The skills of legal, technical, forensic and communications experts are all needed if companies are to be optimally prepared for attacks, able to ward them off successfully and deal with, or at least minimise, their consequences. The law firm MLL has built up a network of first-class, experienced partners, allowing it to offer a coordinated response to all types of cyber security problem. Their round-the-clock service ranges from drawing up a cyber security response plan and analysing a company’s ability to deal with cyber risk, to dealing with security breaches, data loss and the investigation of cyber attacks in a legally correct manner. Good communication in the event of an attack helps to restore any reputational damage quickly.
When all is said and done, being able at all times to ensure cyber and data security is essential for companies today if they are to meet their legal obligations in respect of compliance and good governance.
Any loss of data, and the response to it, immediately gives rise to liability and accountability risk. Responding in the right way, even under the pressure of events, helps to reduce the risk of legal consequences.
Lukas Bühlmann, a partner at MLL
The sooner professional assistance is given, the smaller the risk that an organisation will sustain heavy losses because of a cyber attack. That is why it is important, if you are attacked, that you can call quickly on the services of an experienced, reliable and professional partner.
Tobias Ellenberger, COO of Oneconsult
Damage to, or theft of, sensitive customer data can lead very quickly to a public scandal. For the organisation involved, this can cause serious reputational damage. With the help of a good and experienced team providing professional crisis communication, reputational damage can be minimised.
Daniel Heller, partner at Farner Consulting
In order to block sums of money that have been fraudulently obtained by providing the information relevant under criminal law, and to secure those sums before they get laundered and are irrevocably lost, you need new solutions – and we offer them.
Nicola Staub, founder and CEO of CYBERA
The four partners together provide the optimal bundle of expertise to deal with cyber attacks, no matter what form they take. They offer: cyber-centred legal advice and data protection, cyber security, reaction to and defence against attacks, as well as digital forensics, reputation protection and crisis communication, protection against cyber fraud and 24/7 incident response.