«The question is not: Will we be hacked? but rather: When will we be hacked – and how well prepared are we to respond to it?» Under that premise, Boris Bogdan, Managing Director of Accenture in Basel, welcomed the audience to the Accenture Business Lounge on April 11 at Halle 7. The business event, organized by Accenture and BaselArea.swiss, was dedicated to the “Cyber threat landscape”.
“I show you how we have been hacking a hospital”, promised Uwe Kissmann, Accenture Lead for Cyber Security Strategy & Risk Services Switzerland, Europe and Latin America. First, he depicted the trends in cyber security. According to Uwe Kissmann, the main trend is that several countries are experiencing more hacking activity. In addition, the attacks are more advanced, often financially motivated and targeted at critical infrastructure. A manufacturing company can become a target just as well as a supplier, an electricity supplier or a hospital.
In an attempt to prevent hacker attacks, clients are increasingly inclined to simulate attacks in search of weak spots. To arrive at a real-world, and thus meaningful, assessment of the exposure, it is key to ask for top white-hat hacking professionals who are on top of the real threat vectors. Accenture has therefore successfully hacked not only simple standard IT systems, but also clients such as a car racing team, an airplane and a hospital. In all three environments, safety is crucial. The IT security measures in the hospital proved to be chaotic. The hackers had too easy a time gaining access to the infrastructure via the open Wi-Fi, unsecured routers, open server racks, network switches lying about, and easy passwords. They exploited the loopholes to change the images of a biopsy, to switch off the alarm on the ECG and to turn up the pressure from 1 to 10 bar in the gas unit of the respirator. One reason for this lack of security: “IT and OT are often disconnected. They should align better,” Uwe Kissmann advised.
Takeaways from Uwe Kissmann that are valid for private as well as corporate life:
- Cybersecurity protects a business’s success, not only its IT
- Use complex passwords
- Use different networks for emails and files
- Use different email addresses for different purposes
- Automate the defense
- Protect core assets
- Don’t only protect yourself, but keep your whole ecosystem safe
- Try not to be the weakest link
- Be proactive when it comes to cyber security
- Pressure test the resilience of your infrastructure
- Adapt your security measures to the realities
- Do not be paranoid, but start today!
Text by: Annett Altvater