Cyber risks have been all too apparent once again in 2021. A number of successful cyberattacks on established companies in Switzerland and elsewhere have made the headlines. Examples of this in 2021 include the successful attacks on the US company Colonial Pipeline in May and on a Swiss municipal administration in August. Attackers are becoming ever more professional, as well as increasingly organised in their approach. This makes the effective prevention and combating of these attacks more important, which in turn poses major challenges.
The various reports on cyberattacks received by FINMA in keeping with its Guidance 05/2020 “Duty to report cyberattacks pursuant to Article 29 para. 2 FINMASA” make this all too clear. In the first year since entry into force of this guidance, no fewer than 80 cyberattacks have been reported to FINMA. More than a half of the reports received by FINMA relate to attacks on availability through Distributed denial of service (DDoS). This situation occurs when a given infrastructure is blocked by a network of predominantly externally controlled computers. The second largest type of attack after DDoS attacks is unauthorized access to the infrastructure of supervised entities, followed by attacks involving malware (see graph above). The most frequent attack method was the web-based attack, which in most cases related to the above-mentioned DDoS attacks. A significant number of reports received by FINMA related to the exploitation of security gaps that were not addressed in a timely manner. Identity theft was a very common issue in connection with previous phishing attacks (see graph above). Since the start of 2021 there have been an increasing number of reports of successful attacks on the supply chains of supervised entities, with repercussions for outsourced critical data or key interfaces with third parties. Around 25% of reports submitted to FINMA related to this issue.
A successful cyberattack can have serious consequences for the functioning of the Swiss financial centre. It may, for example, delay the provision of a financial service or even render it impossible. For the financial markets to function properly, institutions that provide integrated or interlinked services are particularly important – e.g. financial market infrastructures, critical service providers of key IT systems for the financial centre and systemically important financial institutions. A successful attack on an institution of this kind could prove damaging not just to other financial institutions, but also to the Swiss economy as a whole. The reputational damage would be substantial, and confidence in the Swiss financial centre would be undermined. The effective prevention and combating of such attacks is therefore extremely important, including in the area of training for cyber risks and in connection with emergency processes for eliminating critical weak points.
(From the Risk monitor 2021)