Tel. +41 61 295 50 10paul. eschmann@baselarea. swiss
«The question is not: Will we be hacked but rather: when will we be hacked?» Under that premise, Boris Bogdan, Managing Director of Accenture in Basel, welcomed the audience to the Accenture Business Lounge on April 11 at Halle 7. The business event, organized by Accenture and BaselArea.swiss, was dedicated to the “Cyber threat landscape”.
“I show you how we have been hacking a hospital”, promised Uwe Kissmann, Accenture Lead for Cyber Security Strategy & Risk Services Switzerland, Europe and Latin America. First, he depicted the trends in cyber security. According to Uwe Kissmann, the main cyber threat trends are that more hacking activity is seen in the middle east, the attacks are more advanced, often financially motivated and targeted at critical infrastructure. Manufacturing companies can become the target as well as a supplier, the electricity supplier – or a hospital.
Loopholes for hackers
In an attempt to prevent hacker attacks, clients ever more often simulate attacks in search for weak spots. Accenture thus successfully hacked clients like a Formula 1 team, a plane and a hospital. In all three environments, safety is crucial. The IT security measures in the hospital in Israel proved to be chaotic. Hackers had too easy a time, gaining access to the infrastructure via the open WIFI, unsecured routers, open server racks, network switches lying about and easy passwords. The hackers exploited the loopholes to change the images of a biopsy, to switch off the alarm at the ECG and to turn up the pressure from 1 to 10 bar in the gas unit of the respirator. One reason for this lack of security: “IT and OT are often disconnected. They should align better,” Uwe Kissmann advised.
Take-aways from Uwe Kissling that are valid for private as well as for corporate life:
- Use complex passwords
- Use different networks for emails and files
- Use different email addresses for different purposes
- Automate the defense
- Protect core assets
- Don’t only protect yourself, but keep your whole ecosystem safe
- Try not to be the weakest link, be proactive when it comes to cyber security
- Pressure test the resilience of your infrastructure
- Adapt your security measure to the realities
- Start today!
Text by: Annett Altvater