Prior to the conference, we had the opportunity to chat with Daniel Seiler, responsible for the IT Projects of Switzerland’s National Cyber Security Centre (NCSC), and a member of the Advisory Board of Swiss Cyber Institute who shared his insights on digital transformation challenges in cyber security, how to build a strong culture of cyber security, best practices to defend against malware threats, and cybersecurity trends in Switzerland in 2023.
Daniel Seiler focuses his function on managing projects by connecting cybersecurity, compliance, law, technology, and ethics. He is also a delegate of Switzerland to the OECD’s Working Party on Security in Digital Economy (SDE).
Daniel was leading a track session on the topic of “New Swiss data protection law: changes & considerations”. He was also a panelist in the session “Cyberlaw and privacy: legal requirements and compliance challenges for corporations” together with Liliana Musetan from the General Secretariat of the European Council, Stefano Mele from Gianni & Origoni International Law Firm, Anna Pouliou from Deloitte, Spencer Mott from Booking.com, and Ilias Chantzos from Broadcom at the Global Cyber Conference 2022.
Read his full interview below.
What is the number one challenge to a secure digital transformation in cybersecurity?
The pace and complexity are challenging. Exciting new opportunities are opening up with digital transformation, but to take advantage of these opportunities, cyber risks must be addressed. The topic of cyber security must be given sufficient importance. It will remain an ongoing task in the future. Because with digitalization and social change, the threats will also change again and again.
Currently, fraud and ransomware attacks are frequent cyber incidents. In general, forms of attack that allow hackers to “earn” as much financial profit as possible with as little effort as possible will probably continue to dominate in the future.
How can security leaders better help their organizations build a strong culture of security?
Cybersecurity is a management responsibility! Those responsible for security must ensure that the topic of cyber security is regularly addressed at the management level and receives the appropriate attention. This means that cyber security must be defined and subsequently implemented. Risk management with regard to cyber incidents must be established in every company.
What policies and practices would you recommend to small businesses defending against the latest malware threats?
An important step to protect against cyber-attacks is to be aware of cyber threats and to adapt one’s actions accordingly when dealing with emails or using the internet.
Cyber risks can be significantly reduced if the most important basic rules are followed. These include a high level:
- Patch and lifecycle management: All systems must be consistently and promptly provided with security updates.
- Securing remote access: Remote accesses such as VPN, RDP, etc. as well as all other accesses to internal resources (e.g., webmail, SharePoint, etc.) must be secured with a second factor (two-factor authentication – 2FA).
- Block dangerous e-mail attachments: Block the receipt of dangerous e-mail attachments on your e-mail gateway, including Office documents with macros.
- Offline backups: Make regular backups of your data. Use the generation principle (daily, weekly, monthly – at least 2 generations).
- Awareness: Train your employees about cybersecurity. Explain to them how they can prevent damage by behaving correctly.
The NCSC publishes a variety of guides and checklists on its website on how private individuals, companies, or authorities can protect themselves from cyber threats.
- For private individuals: https://www.ncsc.admin.ch/ncsc/de/home/infos-fuer/infos-private.html
- For businesses: https://www.ncsc.admin.ch/ncsc/de/home/infos-fuer/infos-unternehmen.html
- For IT professionals: https://www.ncsc.admin.ch/ncsc/de/home/infos-fuer/infos-it-spezialisten.html
Cybersecurity is a constant battle, with demand for cyber talent continuing to increase and outpace supply. Where do we stand today?
Skill shortage is a reality in many areas today, including the cyber sector. The University of Zurich’s Job Market Monitor records the current state of the situation every year: https://www.stellenmarktmonitor.uzh.ch/de/indices/fachkraeftemangel.html
How do you see the cybersecurity world evolve in Switzerland in 2023?
The level and development of cyber security in Switzerland are comparable to other European countries. There are companies that take the topic very seriously and take corresponding measures and allocate budgets.
With the creation of the NCSC about two years ago, the Confederation sent a clear signal that cybersecurity is a topic of importance. However, cybersecurity is a joint task of the state, the private sector, citizens, and research and development.