WMC IT Solutions AG 

Legal basis

The imple­men­ta­tion of risk man­age­ment for SME com­pa­nies makes a sig­nif­i­cant con­tri­bu­tion to the ful­fil­ment of the legal require­ment pur­suant to Art. 716a of the Swiss Code of Oblig­a­tions, accord­ing to which the Board of Direc­tors, as the company’s top man­age­ment, is oblig­ed to organ­ise the account­ing sys­tem, pre­pare the annu­al report, car­ry out finan­cial con­trols and man­age the company.

The Fed­er­al Office for Cyber­se­cu­ri­ty (BACS) pro­vides up-to-date infor­ma­tion:
(Source: BACS press release dat­ed 6 May 2024)

Twice as many cyber inci­dents were report­ed to the Fed­er­al Office for Cyber Secu­ri­ty (FOCS) in the sec­ond half of 2023 than in the same peri­od last year, name­ly over 30,000. The strate­gic direc­tion of the new Fed­er­al Office is based on four pil­lars in order to strength­en cyber secu­ri­ty for the pop­u­la­tion, the econ­o­my and the author­i­ties in the face of increas­ing threats and the emer­gence of AI-dri­ven fraud.

The BACS looks back on its first few months as the new fed­er­al office. Direc­tor Flo­ri­an Schütz gave an ini­tial assess­ment at an expert dis­cus­sion on 6 May. The trans­fer of the Nation­al Cyber­se­cu­ri­ty Cen­tre (NCSC) to a fed­er­al office on 1 Jan­u­ary 2024 marked an impor­tant mile­stone in strength­en­ing Swiss cyber­se­cu­ri­ty. The pri­ma­ry tasks of the BACS con­tin­ue to be to increase Switzerland’s secu­ri­ty in cyber­space. To this end, it informs and sen­si­tis­es the pub­lic about cyber threats and attacks. In addi­tion, the BACS acts as a con­tact point for report­ing cyber inci­dents and sup­ports oper­a­tors of crit­i­cal infra­struc­tures in par­tic­u­lar in deal­ing with these inci­dents. The BACS also pre­pares tech­ni­cal analy­ses to assess and defend against cyber inci­dents and cyber threats. It iden­ti­fies and reme­dies weak­ness­es in Switzerland’s pro­tec­tion against cyber threats in order to strength­en the country’s resilience.

The core man­date of the BACS is to strength­en the cyber secu­ri­ty of crit­i­cal infra­struc­tures, the econ­o­my, edu­ca­tion, the pop­u­la­tion and the author­i­ties by coor­di­nat­ing the imple­men­ta­tion of the Nation­al Cyber Strat­e­gy (NCS). The Fed­er­al Office’s strat­e­gy pre­sent­ed today shows how this core man­date is being ful­filled. The aim of the BACS is to improve cyber secu­ri­ty in col­lab­o­ra­tion with all rel­e­vant stake­hold­ers. To this end, it organ­is­es its ser­vices along four strate­gic pil­lars: Mak­ing cyber threats under­stand­able, pro­vid­ing means to pre­vent cyber attacks, reduc­ing dam­age from cyber inci­dents and increas­ing the secu­ri­ty of dig­i­tal prod­ucts and services.

The num­ber of cyber inci­dents report­ed in the sec­ond half of 2023 almost dou­bled to 30,331 com­pared to 16,951 in the same peri­od of the pre­vi­ous year. This increase is main­ly due to fraud­u­lent job offers and alleged calls from the police. The most fre­quent­ly report­ed inci­dents includ­ed attempt­ed fraud, with the cat­e­gories ’CEO fraud’ and «invoice manip­u­la­tion fraud» being par­tic­u­lar­ly con­spic­u­ous. With 5536 reports, the num­ber of phish­ing reports dou­bled (pre­vi­ous year: 2179). Of par­tic­u­lar note is so-called «chain phish­ing»: phish­ers use hacked e‑mail inbox­es to send e‑mails to all address­es stored in this inbox. As the sender is like­ly to be known to the recip­i­ents, there is a high prob­a­bil­i­ty that they will fall for the phish­ing. The phished e‑mail account is then used to write to all the con­tacts in the account.

There was also an increase in reports of attempt­ed fraud involv­ing the use of AI. Cyber crim­i­nals use AI-gen­er­at­ed images for sex­tor­tion attempts, pre­tend to be celebri­ties on the phone or car­ry out invest­ment fraud. Although the num­ber of reports in this area is still com­par­a­tive­ly low, the BACS believes that these are the first attempts by cyber crim­i­nals to explore the poten­tial uses of AI for future cyber attacks.