
Cyber attack: How can I protect my company?
Cyber attacks have long been a grim reality for Swiss companies, and although the costs and associated damage can be significant, many companies underestimate the severity of the situation.
Growing interconnection and increasingly threatening hacker organizations make it more and more difficult to guarantee the security of companies. Those affected risk considerable costs and interruptions to their business because of cyber attacks. In Switzerland, too, SMEs should address the risk of cyber attacks so that they don't become an easy target.
What is a cyber attack?
A cyber attack is an unauthorized attempt to access a computer or network. With such attacks, hackers try to steal the digital property of their victims, cause damage, or demand ransom money.
If the hackers are successful in their attack, this almost always results in a violation of data protection law. This becomes relevant at the latest with the revision that takes effect from September 1, 2023.
What types of cyber attacks are there?
As a rule, hackers use one of two standard methods for their cyber attacks: phishing or malware. In the case of phishing, the attacker tries to gain access to confidential information such as usernames and passwords through falsified emails or websites. In the case of malware attacks, malicious software is used so that the hackers can gain control over the victim's computer.
How is Artificial Intelligence (AI) used in phishing?
In phishing emails, AI can be used to create deceptively real-looking messages that are hard to tell from legitimate emails. The use of AI allows attackers to create personalized content that is targeted to their victims, increasing the success rate of such attacks.
The growing use of AI tools in email fraud and particularly in the area of phishing harbors significant security risks for companies. AI’s ability to generate fake content and personalize attacks makes it difficult to defend against such threats.
However, there are also other types of cyber attacks which are less widespread. One example is a denial-of-service attack (DDoS attack), where hackers flood the IT systems of a company with a huge amount of data. This can result in business interruptions. Another example is the man-in-the-middle attack, where the information exchanged between two parties is intercepted and manipulated. This leads to a change to payment data or the theft of sensitive information.
What other AI threats are there for companies?
Advances in AI technology have led to the development of deepfake voices that increase the risk of CEO and voice fraud and can also be used by attackers in customer support.
In CEO fraud, cybercriminals pretend to be high-ranking managers and send payment instructions to employees. AI mimics CEO speech patterns and communication styles using deepfake technology in a deceptively real way, making it very difficult to detect fraudulent calls as such.
This form of deepfake fraud poses an acute threat, as the fake voices suggest authenticity and thus reduce employee vigilance.
AI-generated fake websites are also a growing threat. Automated tools enable cybercriminals to counterfeit entire brands and websites.
Trademark counterfeiting with the help of AI can create deceptively real copies of company websites that customers can hardly distinguish from the genuine ones. AI-generated fake websites carry the risk of luring unsuspecting users to fraudulent sites, which can not only mean financial losses for customers, but also considerable damage to the reputation of the companies concerned. Given the risk of AI trademark abuse, it is imperative for companies to continuously monitor their online presence and make sure their websites are protected from AI cloning.
How do I identify a cyber attack?
These are the most common signs of a cyber attack:
- Unexpected messages or documents from unknown sources, especially if they contain links or attachments
- More frequent pop-up ads with dubious information
- Reduced processing power of your computer
- Unexplained system crashing
- Changes to the system configuration without prior announcement
- Unauthorized activities in the system
- Abnormal network activity
This list is not exhaustive.
How can I protect my company against cyber attacks?
There is no 100% guaranteed protection against cyber attacks. However, with the right preventative measures, you can minimize the probability of falling victim to one. Here are five tips on how to protect yourself against cyber crime, which are also easy to implement in your company.
1. Keep your software up to date
The more recent your software and systems, the more secure they are. Most software features automatic updates – make sure you activate them! In this way, you ensure that your applications are always state of the art and vulnerabilities are fixed in a timely manner. This makes cyber attacks considerably more difficult.
2. Protect your network
A firewall protects your company's network against the dangers lurking on the Internet. Make sure that your firewall blocks all data traffic from the Internet – unless you expressly allow it.
3. Regularly back up your data
Making regular data backups is absolutely essential: in this way, you can at least be assured that your data is not completely lost after an attack. Define a backup process that suits you and follow it consistently. Make sure that you back up your information at least once a week and save the data in a safe place offline. Check whether the saved data can be restored, i.e. that the backups actually work.
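One way to carry out the restore check from tip 3, as an added example that is not part of the original article: record SHA-256 hashes when the backup is made, then compare a test restore against them. The function names and the manifest file layout are assumptions of this example.

```python
import hashlib
import json
import sys
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_dir: Path) -> dict:
    """Map each file's relative path to its SHA-256, taken at backup time."""
    return {
        p.relative_to(source_dir).as_posix(): sha256_file(p)
        for p in sorted(source_dir.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict, restored_dir: Path) -> dict:
    """Compare a test restore against the manifest and report every deviation."""
    restored = build_manifest(restored_dir)
    common = manifest.keys() & restored.keys()
    return {
        "missing": sorted(manifest.keys() - restored.keys()),
        "corrupted": sorted(n for n in common if manifest[n] != restored[n]),
        "unexpected": sorted(restored.keys() - manifest.keys()),
    }


def restore_is_good(report: dict) -> bool:
    # Unexpected files are only flagged; missing or altered data fails the check.
    return not report["missing"] and not report["corrupted"]


if __name__ == "__main__":
    # Usage (hypothetical paths): python verify_backup.py manifest.json /mnt/restore-test
    manifest = json.loads(Path(sys.argv[1]).read_text())
    report = verify_restore(manifest, Path(sys.argv[2]))
    print(json.dumps(report, indent=2))
    sys.exit(0 if restore_is_good(report) else 1)
```

Keep the manifest separate from the backup medium, so that anyone who tampers with the backup cannot also rewrite the hashes it is checked against.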
Research project: Security and insurance for artificial intelligence
As AI becomes increasingly widespread in our daily lives, it is essential that we manage the risks associated with it. Under the leadership of Professor Lukasz Szpruch, University of Edinburgh, and in collaboration with Marcin Detyniecki, Group Chief Data Scientist & Head of Research & Advanced AI at AXA, the research project “AI2” examines insurance and security services which protect companies from unreliable AI solutions, in order to understand, measure and ultimately, potentially, insure against AI failures. This will give AI developers clear incentives to develop more secure and more reliable products that will better protect humans and companies.
4. Avoid prompt injection in AI-supported tools
The use of AI-supported tools carries the risk of prompt injection: this is when attackers exploit weaknesses in how a tool handles its prompts in order to feed the system malicious code or unwanted commands. This leads to unauthorized access, data loss or system compromise. SMEs that use standard AI solutions without thorough security checks are particularly vulnerable to such attacks. Prioritize the identification and remediation of AI vulnerabilities in the company to prevent prompt injection.
5. Make your staff aware of the importance of making backups
When it comes to cyber security and preventing cyber attacks, people are the decisive factor. Regular training and internal communication campaigns make an important contribution to dealing with a company’s IT and data securely.
6. Use good anti-virus software
It is up to you which anti-virus software you use. But make sure that it is active and that the software is up to date. If you carry out a daily scan on top of this, you are well prepared to ward off attacks and can react to them fast.