The online magazine of the Swiss Bankers Association
December 13, 2019


“Increasing pressure” and “critical minds necessary”

“Increasing pressure” and “critical minds necessary”

The Swiss Cyber Security Days will be held for the second time in February 2020. They provide a platform for policymakers, businesses, academics and decision-makers in the fight against cybercrime. Nicolas Mayencourt and Paul Such, two of the event’s organisers and proven experts in this field, answer questions about cybersecurity.

Mr Mayencourt and Mr Such, you are both currently working on organising the next Swiss Cyber Security Days. In your opinion, what are the biggest global challenges in the area of cybersecurity?

Photo_N. Mayencourt pour Insight (002).jpg
Nicolas Mayencourt, CEO Dreamlab Technologies AG (Bern)
Mayencourt: The Fourth Industrial Revolution and digitalisation are giving rise to new business models that are replacing the old ones. Megatrends such as hyperconnectivity, the IoT, connected everything and smart everything are not only opening up new possibilities, they also mean that the scope for attacks is growing exponentially. At the same time, systems are getting more complex. These all represent fundamental and major challenges for cybersecurity. In addition to this, the market is demanding ever greater speed and, from the point of view of security, the risks are also increasing. After all, we’re now in an age in which “cyber” controls the physical world – just think of connected cars, building technology or surgical robots. This means that a cyber gap can quickly cost lives. Then there’s the financial risk: cybercriminals have long discovered a business case that is as efficient as it is lucrative: while the top 10 Internet companies generate annual revenue of USD 650 billion, cybercriminals generate USD 1.7 trillion. So the pressure to address this matter is rising significantly.

"Cybercriminals have long discovered a business case that is as efficient as it is lucrative."

Photo_P. Such_pour Insight (002).jpg
Paul Such, CEO Hacknowledge SA (Préverenges)
Such: In the future, we will be living in a completely interconnected world. Companies are making great efforts to safeguard their products and services. One of the biggest challenges will be to raise awareness among users and consumers about the fact that certain aspects of the security problem cannot be solved automatically or by magic, but that instead, these are actually their responsibility. I’s necessary to understand, to analyse, to have a critical mind... and that’s the responsibility of each and every one of us. Even the most secure application is always at risk if users use a weak password.

Is Switzerland doing enough compared to other countries when it comes to cybersecurity?

Mayencourt: It is, of course, always possible to do more. Compared to other countries, Switzerland is certainly not the one making the fastest and most decisive progress in the area of cybersecurity. Other nations are still far ahead of us and we should try to reach at least the same level. But Switzerland now has a “Mister Cyber” and an organisation dedicated to cybersecurity. However, it’s still too early to say what measures this organisation will implement.

"Even the most secure application is always at risk if users use a weak password."

Such: Switzerland cannot be compared with its large neighbouring countries – especially because we don’t take an offensive approach to security. Numerous pragmatic approaches are being taken and are beginning to bear fruit. It’s not yet possible to say whether the measures that have been taken are effective.

What development do you hope will result in a major leap towards greater security on the Internet?

Such: I’m not banking on any one particular measure, but rather on several combined changes and technologies. I’ve been working in the cybersecurity industry for 20 years now and I no longer believe in miracle products.

"There is an urgent need for clear international rules, such as a Geneva Convention on cybercrime."

Mayencourt: I could name many technical issues, but that would be taking too narrow a view. What we really need – and we’re lagging behind in this area by about 20 years – is social awareness, a modernisation of the political responses to the challenges and a better understanding of the threats. We’re talking here about new rules for industry, fundamental digital rights, an understanding of digitalisation and adapting the old social norms to make reality cyber-suitable. At the moment we’re in the Wild West. It’s time to find a way out of this situation, to introduce product liability in the cyber area, to set minimum security requirements and thus to guarantee society’s fundamental rights and basic security.

What developments or trends concern you?

Such: Cybercrime will be a very important source of income for criminal organisations in the future, the attacks will be extremely well planned and may target all levels of society.

"The financial sector is an area where trust plays a key role."

Mayencourt: What worries me most is the danger of attacks or espionage by criminal organisations or even by countries. There is an urgent need for clear international rules, such as a Geneva Convention on cybercrime. This lack of rules combined with the ever-increasing pace of digitalisation and new possibilities such as 5G, artificial intelligence or even decisive war machinery is really worrying.

How exposed is the financial sector when it comes to cybersecurity?

Mayencourt: The financial sector’s exposure is huge. On the dark web you can find all kinds of business cases for carding portals, theft at cash dispensers, e-banking trojans, SWIFT hacking and so on. Cybercriminals are making a fortune with these.

Such: The financial sector is an area where trust plays a key role. A secure IT system is therefore a fundamental requirement.

What are your concrete expectations of the SCSD on 12 and 13 February 2020 in Fribourg?

Such: To bring security professionals, politicians, business leaders and students together under one roof, so that everyone will act in concert.

Mayencourt: We’ll have highly valuable controversial discussions about socially relevant issues at the highest level. On the first day, the event will be opened by government officials. We’ll have the opportunity to welcome Mister Cyber and the Chief of the Armed Forces, who will inform us about the nation’s situation in terms of cybersecurity. Smartrail, the new models for rail transport, will also be a topic. And we’ll hear about the experiences of organisations that have been attacked, such as hospitals that have been hacked and the luxury brand IWC. On the second day, we’ll address the topic in a more global context and discuss cyberwars and other international issues. For this segment, we’re working with the Geneva Centre for Security Policy and with the World Economic Forum’s Centre for Cybersecurity, which we’re particularly proud about. On both days, the Tech Tracks will feature leaders in international cybersecurity research who work for renowned companies such as GitHub, Intel, Trend-Micro and many others. In short, it’s safe to say that the Swiss Cyber Security Days are Switzerland’s most important event and platform in this area and that they make an important contribution to a safer Switzerland and a safer world.