Impunity for Ethical Hacking: Legal Opinion Provides Clarity

On behalf of the National Test Institute for Cybersecurity NTC, the law firm Walder Wyss has prepared a detailed legal opinion entitled "Criminal liability of ethical hacking". One result of the opinion is that ethical hacking is exempt from punishment if certain general conditions are met.

Ethical hacking is not a priori exempt from punishment. Certain conditions must be met for it not to fall under criminal law. A legal opinion now clarifies this. (Symbol image; Unsplash.com)

The National Test Institute for Cybersecurity NTC tests what is otherwise not tested. It examines digital products and infrastructures for vulnerabilities that are not tested or not sufficiently tested - even on its own initiative. The problem: performing vulnerability analyses - insofar as they involve the (attempted or actual) penetration of another party's data processing system (penetration tests) - potentially conflicts with the hacking offense under Art. 143bis para. 1 SCC. Under this provision, "whoever by means of data transmission equipment unauthorizedly penetrates a third-party data processing system that is specially secured against his access" is liable to punishment. In short, without an explicit order and without consent, the detection of security vulnerabilities is punishable under Swiss law as soon as the access security of a third-party system is overcome or an attempt is made to do so. In addition, the Criminal Code makes the manipulation and alteration of data a punishable offense.

Justifiable necessity

If criminal provisions are violated in the course of vulnerability analyses, justifiable necessity under Art. 17 SCC can be invoked under certain circumstances. The intrusion into a system is only justified if there are concrete indications that a system is affected by potential security vulnerabilities. In addition, discovering, documenting and providing information about these security vulnerabilities must serve the purpose of averting malicious access. From a subjective point of view, the person acting out of necessity must be aware of the situation of necessity and act in order to save the threatened legal interest.

Publication of vulnerability assessment results

Before a detailed publication, the identified and documented security vulnerabilities should be completely eliminated. If this is not the case, the level of detail of a publication should be reduced to the necessary information. This will give system users adequate warning and the opportunity to protect themselves.

With the publication of the legal opinion, the NTC is making a contribution to the current National Cyber Strategy of the Swiss Confederation, which aims to institutionalize ethical hacking. The testing and verification laboratory in the canton of Zug works closely with research institutions, private cybersecurity companies and international experts. The NTC has been in existence since December 2020. 

Source and further information: www.ntc.swiss

Swiss Institute for Quality Tests: Quickline with best customer service

In the customer survey conducted by the Swiss Institute for Quality Testing (SIQT), Quickline wins 1st place in the customer service category among Internet providers for the third time in a row. The price/performance ratio and customer satisfaction also achieve top ratings.

The Swiss Institute for Quality Tests awarded the Internet service provider 1st place in customer service based on a customer survey. Fourteen providers were compared. (Image: zVg / Quickline)

The online customer survey conducted in April 2023 by the Swiss Institute for Quality Testing (SIQT) confirms the top performance of Internet service provider Quickline: In the Swiss Industry Monitor 2023, the company takes 1st place among Internet providers in the "Customer Service" category for the third time in a row and is in the top 3 for "Value for Money" and "Customer Satisfaction". "The awards for the high quality of our customer service and for high customer satisfaction confirm our daily commitment to customers. We provide them with regional, personal and competent advice. I am happy to pass on this praise to our frontline staff," comments Frédéric Goetschmann, CEO of Quickline, on the results. "We are pleased that Quickline Internet, which has won several awards, is also among the top 3 in Switzerland in terms of price/performance ratio."

The Swiss Institute for Quality Testing conducts provider-independent and objective tests of services and products. Every year, the industry monitor determines the best providers in terms of customer satisfaction, customer service and value for money in a cross-industry, nationwide online customer survey. 

Sources: Quickline / www.qualitaetstest.ch/awards/schweizer-branchenmonitor-2023

How SMEs can move from being affected to being involved in norms and standards

Switzerland as a business location benefits greatly from norms and standards. They contribute to organizational development, high-quality products and international market access. However, a dialogue event organized by SQS with over 25 CEOs and other top managers from the Swiss economy also revealed that norms and standards are increasingly being used (again) in a protectionist manner and are challenging small and medium-sized enterprises in particular.

Panel on norms and standards: Jürg Rogenmoser, Christian Späth, Matthias Wandfluh, Peter Roth and Felix Müller (from left to right). Standing: moderator Alex Gertschen. (Image: SQS)

The Swiss Association for Quality and Management Systems (SQS), which is celebrating its 40th anniversary this year, held a dialogue event with over 25 CEOs and other top managers from the Swiss economy on Tuesday, June 20 at The Dolder Grand in Zurich. At the event, two theses from the book "Wheels of Normality. How norms and standards create trust" were discussed. SQS recently published the non-fiction book with the NZZ Libro publishing house. The two theses are: Norms and standards are (partly) decisive for prosperity in Switzerland; and it is precisely an open SME economy like Switzerland's that benefits from such private rules.

S-GE notes protectionist tendencies of norms and standards

In his introduction, SQS CEO Felix Müller showed how and why norms and standards make it easier for organizations to reliably meet high expectations - and thus contribute to our confidence in a normality characterized by quality, safety and comfort; a normality that is neither self-evident nor given and thus anything but "normal".

In her keynote speech, Dr. Simone Wyss Fedele, CEO of Switzerland Global Enterprise, emphasized the importance of norms and standards for the global networking of the Swiss economy. Local exporters benefit from clear and generally recognized rules. It is also important that companies can demonstrate that they comply with these rules by means of credible certificates such as those issued by SQS. However, Wyss Fedele also expressed her concern that important trading partners of Switzerland were increasingly using norms and standards for protectionist purposes.

"We would have neither the resources nor the know-how for such instruments"

In the following discussion, the companies had their say. Felix Müller was joined on the panel by Jürg Rogenmoser, part owner, member of the board of directors and operational managing director of Aeschbach Chocolatier AG; Dr. Peter Roth, standards representative of the Hilti Group and member of the board of the Swiss Standards Association (SNV); Christian Späth, head of the Civil Engineering Division and quality delegate on the executive board of Implenia AG; and Dr. Matthias Wandfluh, chairman of the board of directors and CEO of Wandfluh AG.

Two findings of the discussion were: Norms and standards are indeed important tools for companies to reduce complexity, avoid errors and guarantee quality. "It is precisely an SME like ours that benefits from this," said Matthias Wandfluh. "We would have neither the resources nor the know-how to develop such instruments ourselves." However, private standards in particular, which large companies impose on their suppliers, are becoming increasingly difficult for SMEs to meet in terms of number and scope. "More and more large customers are imposing their own requirements. Just filling out the corresponding questionnaires is almost impossible for us," said an entrepreneur from eastern Switzerland.

Participation is possible and urgent - especially for sustainability rules

This was a steep learning curve for Peter Roth, who is involved in the development of standards on behalf of the Hilti Group and the Swiss Standards Association (SNV). Unlike private standards, recognized standards, for example those of the International Organization for Standardization (ISO), are developed in a transparent, participatory and democratic process. As a result, they are more likely to serve the interests of the general public, not individuals. Roth urged those in attendance to take advantage of the opportunity to participate. "Of course, it's easier for a large corporation to provide the necessary resources. But ultimately it boils down to this: standardize, or you will be standardized!"

The concluding discussion with lawyer Dr. Elisabeth Bürgi Bonanomi, who heads the Sustainability Governance unit at the Centre for Development and Environment at the University of Bern, made it clear that it is more urgent than ever for business to play an active and constructive role in the development of new norms and standards. The state in Switzerland and abroad - especially in the European Union - has long since begun to enact numerous new rules in the name of a more sustainable economy.

Source and further information: SQS

Swiss engineering group tackles shortage of skilled workers together

Swiss Engineers United AG (SEU) positions itself as the leading Swiss engineering group for the successful future development of engineering companies and the implementation of succession solutions in the fields of construction, geomatics and planning.

The Board of Directors of the new Swiss Engineering Group; in the picture from left to right: Christian Vetsch, Rogier Engelsma, Franco Quinter, Patrick Kranz, Marco Quinter. (Picture: SEU)

Swiss Engineers United AG SEU was developed as a platform for Switzerland by engineers for engineers. It responds to the ongoing shortage of skilled workers and other current challenges in the engineering industry with a special business model: SEU grows through the targeted acquisition and smooth integration of healthy SMEs, with the owners of the partner companies and all existing SEU shareholders participating in the holding company. It is an ecosystem that brings together vital and innovative engineering companies by combining know-how, latest technologies and innovative ideas under one roof.

Overcoming challenges together

"Our goal is to help shape the future of the industry, to tackle challenges together and to combine the spirit of innovation, expertise and dynamic entrepreneurship," says SEU co-owner and Chairman of the Board Franco Quinter, summarizing the credo of the newly founded holding company.  

With its multi-brand strategy, SEU, headquartered in Pfäffikon SZ, focuses on the uniqueness of its partner companies. Co-owner and board member Christian Vetsch says: "For SMEs, cooperation at eye level is much more valuable than energy-sapping competition. With our model, we enable far-reaching synergy effects and strengthen the individual partner companies individually and specifically." In addition, the SEU Group also enables successful succession solutions by separating the takeover of the company management from the financing of the purchase price.

Create synergies

In an increasingly digitalized world, SEU strives to create important synergies and optimize resources through innovations and its own international production sites.

At the same time, the Group values strong customer loyalty and is aware that it owes its success to its committed employees. Therefore, SEU promotes participation and further training, offers clear and transparent communication, and focuses on individual meaningfulness and appreciation of performance.

Soft integration strategy

For SEU, it is clear that each company is unique and has its own spirit. That is why the Group attaches great importance to a gentle integration strategy. Only necessary adjustments are made; the individual brand image, the external market presence and the unique spirit of the respective corporate culture are retained.

"We want to bring together the best in the industry and work with our partners and co-companies to proactively shape the future on an equal footing," says Chairman of the Board Franco Quinter of SEU.

Source and further information: SEU

SVTI presents a good financial result at the association meeting

Members, patrons and guests met in Neuchâtel for the 154th SVTI Association Assembly. A solid result showed that the numerous challenges were well mastered. Thanks to its high attractiveness as an employer, an innovation fund and its firm establishment as a professional organization, the SVTI Group is robust and well equipped for the future.

Mood picture from the 154th association meeting of the SVTI Swiss Association for Technical Inspections. (Image: SVTI)

The 154th SVTI Association Meeting took members, patrons and guests to Neuchâtel in western Switzerland. The statutory part was kept short as usual, so that the social program offered participants more time and opportunity for information and networking.

New member of the Board of Directors and adaptation of the Articles of Association

After 12 years on the SVTI Board, Daniel Rebsamen, who is also Vice President, has stepped down for reasons of age. René Kian Sarrafian, graduate mechanical engineer and head of the nuclear fuel department at the Gösgen-Däniken AG nuclear power plant, was unanimously elected as his direct successor.

In the recent past, the SVTI has repeatedly succeeded in participating in federal research projects. This has necessitated a corresponding selective extension of the purpose statement in the statutes, which refers to the implementation of research activities and the development of innovative technologies and products, particularly in the fields of technical safety supervision and the manufacture and operation of technical installations of all kinds.

Review, Outlook, Projects

The geopolitical situation, disrupted supply chains, skyrocketing energy prices and the shortage of skilled workers are just some of the challenges that had to be overcome in 2022. Nevertheless, the operating business closed with a very solid result. The consolidated financial statements - also called group financial statements - include the association as well as the subsidiaries and represent the overall business of the SVTI Group. The total turnover of the SVTI Group amounts to CHF 47.5 million. This sum is slightly below the previous year's value, but in line with expectations. Various business areas have developed positively and the entire organization has proven to be robust and well positioned. A highlight of the year under review, with an impact reaching into the future, was the international NDT conference held in Switzerland under the auspices of the Nuclear Inspectorate. The event was a great success with international appeal. It was also announced with pleasure that the SVTI Group received the prestigious "Swiss Employer Award" in the category "100 - 249 employees" on the basis of an employee survey. The "Swiss Employer Award" is the leading prize for determining the attractiveness of an employer and, as an award, provides a boost of confidence in the search for future employees.

Under the Innovation Fund, various technology-oriented projects for the further development of services and testing methods were initiated and advanced. These include, for example, the use of drones for measurements on components, robot- or crawler-assisted inspections, and research into the safe handling of hydrogen technology.

Keynote address "The Army, Switzerland's cadre forge"

The keynote speaker at the association's meeting was Colonel (General Staff) Mathias Müller, on the topic of "The Army, Switzerland's cadre forge". Mathias Müller, who in an earlier NZZ article was also referred to as the chief recruiter of the Swiss Armed Forces, now serves as project manager for top events of the Swiss Armed Forces and is also the author of several books. With his presentation, he gave the participants an understanding of practical leadership issues and today's military leadership philosophy. He also explained that leadership, with its many facets, plays a fundamental role in both the military and civilian sectors.

Source: SVTI

Cybersecurity: Orange Business and Palo Alto Networks offer managed SASE solution

Orange Business, Orange Cyberdefense and Palo Alto Networks, which is listed on the Nasdaq technology exchange, have partnered to deliver a managed Secure Access Service Edge (SASE) solution. Offering high performance, simplicity and Zero Trust Network Access 2.0, it aims to meet the most demanding network and security needs of enterprise customers.

More and more companies are also turning to the cloud for cybersecurity, such as through a managed SASE solution. (Image: Pixabay.com)

The shift to location-independent working, software-defined networks and rapid adoption of cloud connectivity is enabling global enterprises to achieve new levels of productivity and efficiency. However, as they transform their distributed network infrastructure to meet the demands of hybrid working and cloud computing, the attack surface also increases and they become more vulnerable to cyberattacks. The partners are now looking to address this challenge by combining Prisma® SASE (Prisma Access + Prisma SD-WAN) from Palo Alto Networks with the connectivity and digital integration capabilities of Orange Business and the managed secure access service from Orange Cyberdefense. According to the statement, the vendor-managed SASE solution provides a secure foundation for agile, cloud-based organizations.

Complete AI-supported SASE solution

Building on existing modern connectivity solutions, Orange Business orchestrates networks, cloud and cybersecurity components to connect customers' business strategy and infrastructure strategy. In doing so, the Evolution Platform is the foundation for a secure, flexible and virtualized ecosystem. Orange Cyberdefense's self-described unique threat intelligence backbone, complemented by state-of-the-art functionality and expertise including detection and response, aims to help organizations achieve better security outcomes. The fully AI-powered SASE solution combines network security, SD-WAN and autonomous digital user experience management (ADEM) into a single cloud service. This increases security and reduces complexity.

Network and security architecture rethought

One company that has already chosen this solution is Imerys, a leading global minerals mining company. Imerys wanted to accelerate its cloud transformation and use agile infrastructure to transform its IT infrastructure to support business growth. At the same time, it wanted to ensure the highest level of global security through the managed SASE solution from Orange and Palo Alto Networks. The company also wanted to save costs by reducing the number of its suppliers and facilitating its M&A activities. Imerys now relies on Orange's SASE solution, based on Orange Business and Orange Cyberdefense functionalities, to create a secure, global, cloud-enabled network and smoothly migrate its current infrastructure. For maximum protection, Palo Alto Networks Prisma SASE now provides a zero-trust approach, regardless of whether an end user is inside or outside the corporate network.

More and more companies are turning to cloud solutions - also for cyber security

"Enterprises are adopting new cloud-based technologies to increase productivity, improve efficiency and offer new services. However, this is also increasing their digital attack surface," sums up Helmut Reisinger, CEO EMEA and LATAM, Palo Alto Networks. "The challenge to improve cyber resilience has never been greater. By combining our SASE solution with Orange's services and management capabilities, we are able to provide our customers with industry-leading network and security solutions in a single platform. It is easy to deploy, scale and manage, and delivers best-in-class performance." And Aliette Mousnier-Lompre, CEO of Orange Business, adds, "As more enterprises move their operations to the cloud and adopt a digital-first approach, our customers need to adopt zero-trust security. They are asking for a solution that brings networking and security together in a flexible, simple and cost-effective way. Together with Palo Alto Networks and Orange Cyberdefense, we offer a fully converged and managed SASE offering that delivers for our global customers."

Source: www.orange-business.com

Six points for a crisis-proof company

At present, one crisis follows another. Resilience is therefore no longer optional for companies, but a must. Everbridge, a specialist in critical event management, explains how companies can become more resilient.

Pandemics, severe weather, armed conflicts all put a strain on people's psyches. Companies also need to become more resilient. (Image: Unsplash.com)

Severe storms, pandemics, armed conflicts, terrorist threats, cyber attacks: crisis situations are occurring with increasing frequency and are increasingly determining the reality of life. Companies therefore need organizational resilience, i.e. the ability to anticipate crisis events, minimize their impact on business operations and ensure the safety of their employees. 

The company Everbridge shows how to become more resilient as a company in six steps. It aims to increase the resilience of companies and authorities in crisis situations.

  1. Invest in the well-being of employees. Companies are only as resilient as their employees. Investing in training, mentoring, and resources that promote workforce well-being and mental health is therefore a top priority. Happy and healthy employees are better able to deal with crises and are more engaged in managing them.
  2. Develop a resilient corporate culture. A resilient workforce also requires the right culture. Companies should recognize the successes of their employees, encourage them to learn from mistakes, and promote their cooperation. Then employees develop a strong sense of community, stick together in crises and pull together.
  3. Maintain a leadership style of integrity. Managers in the company must set a good example. If they provide clear guidance, set realistic expectations and are approachable at all times, they create a sense of trust and stability among employees that will pay off in crisis situations.
  4. Promote agile thinking and working. Solving problems quickly, adopting new approaches at short notice if necessary, and adapting to new challenges: These are the hallmarks of a resilient organization. Companies can develop these capabilities by promoting agile mindsets and agile working methods.
  5. Proactively manage risk. Resilience requires a proactive approach. Resilient companies continuously assess potential risks, develop contingency plans and test them regularly. This then enables them, should the worst happen, to minimize disruption to business operations and recover quickly from setbacks.
  6. Use integrated and intuitive technology. Technology plays a key role in building a resilient organization. Organizations need business continuity, disaster recovery and risk management tools that work seamlessly together and are intuitive enough to be used by anyone in a crisis.

"Investing in your resilience is no longer optional for companies. Building a resilient organization is now a top priority," said Stefica Divkovic, senior vice president at Everbridge. "With the above six steps, we aim to provide companies with a guide to assess their resilience and make necessary improvements if needed." The U.S.-based company, which has offices across Europe, relies on so-called critical event management (CEM) technologies in its work. These not only help to identify critical events earlier and respond to them proactively, but also to mitigate the impact and return to normal productivity more quickly.

Bechtle Schweiz AG achieves ISO 27001 certification

The IT service provider Bechtle Schweiz AG has newly achieved ISO/IEC 27001 certification. One focus of the successful certification is on the services provided by Bechtle Schweiz AG.

Managing Director Christian Speck is pleased with the ISO/IEC 27001 certification his company has achieved. (Image: Bechtle Switzerland)

In May 2023, two external auditors reviewed the information security management system of Bechtle Schweiz AG according to the international standard ISO/IEC 27001 and rated it as very good. The company, with over 600 employees at ten locations, is a leading IT service provider in Switzerland and, according to its own description, a partner of choice for consulting, IT infrastructure, cloud solutions, IT services, and software for SMEs, large companies, and the public sector. Its offering covers the entire IT lifecycle, from consulting to implementation and operation.

Responsible handling of confidential data

A central requirement of the ISO 27001 standard is the security of confidential information, which the auditors rated as very good at Bechtle Schweiz AG. The auditors thus confirm that Bechtle Schweiz AG ideally and strategically protects confidential data - especially that of customers and partners - from misuse, attacks, loss and disclosure, and keeps it safe. The certification is considered a supporting element for Bechtle's IT service management and thus also for the managed services provided by the company.

Continuous investment in safety level

Christian Speck, Managing Director of Bechtle Schweiz AG: "As a trusted IT partner, we handle highly sensitive data on a daily basis and consider ourselves obligated to our customers to meet the highest security requirements. Data protection is our top priority, which is why we regularly work on optimizing our processes and invest in security. I am pleased that the auditors have recognized our commitment and provided documented proof of it with this certification."

Source

Suva premiums continue to fall

Despite the difficult investment year 2022 with a negative business result, Suva can again reduce premiums for 2024. The excess investment income generated in previous years is now paying off.

Gabriele Gendotti (left), President of the Suva Council, Felix Weber (center), Chief Executive Officer of Suva and Hubert Niggli (right), Head of the Department of Finance and Information Technology on Friday, June 16, 2023 at Suva's annual media conference. (SUVA/KEYSTONE/Christof Schuerpf)

Although Suva's current business figures are anything but pleasing, Suva premiums are nevertheless falling. This is positive news, which Suva's management was able to share with the public at the annual media conference. And there was praise internally as well: With the roll-out of digitalization in claims management, Suva has reached a strategic milestone, the insurance company announced. At the beginning of 2022, system-based rule and classification systems took over the entire case management with a volume of over 490,000 claims. Daily allowance payments and reports of accidents and incapacity to work are largely automated. However, if cases are more complex, specialists are still available to provide personal advice to companies and accident victims.

More cases recorded in 2022

In 2022, Suva registered over 490,000 accidents and occupational diseases. This represents a significant increase over the previous year (450,000) and, due to the slightly higher number of insured persons, a slightly higher level compared to the years before the start of the Covid pandemic. The accident risk - newly registered accidents per 1,000 insured persons - is again following the long-term trend. While the accident risk in non-occupational accident insurance has remained virtually unchanged for many years, it has fallen by 12 percent in occupational accident insurance over the last ten years. Work in Suva-insured companies has thus become significantly safer, according to the findings.

Suva premiums continue to fall thanks to good underwriting result

Suva's assets are fully earmarked. They cover the obligations for around 80,000 current pensions as well as future medical expenses and daily allowances and other insurance benefits from accidents and occupational diseases that have already occurred. Thanks to the favorable development of pension figures, it was possible to release actuarial provisions, resulting in a positive actuarial result.

The gratifying development of the accident risk and the good underwriting result allow Suva to reduce its average net premiums in occupational accident insurance by more than five percent once again. In non-occupational accident insurance, there was also a slight reduction of around one percent.

Difficult investment year leads to negative annual result

In the eventful investment year 2022, Suva achieved a net performance of -8.1 percent. This investment loss was largely offset by the existing value fluctuation reserves, which had been set aside as a precaution in previous years. Together with the positive underwriting result, this resulted in a negative overall operating result of CHF -152 million.

At 151 percent, the solvency ratio remains in the upper half of the specified range of 100 to 180 percent. The Suva Council has therefore decided to continue the reimbursement of capital gains surpluses from previous years. In 2024, this will again mean a premium reduction in the amount of 20 percent of net premiums in both occupational and non-occupational accident insurance. This would correspond to a reimbursement of around CHF 800 million to the insured, as Suva calculates.

Source: Suva

Cyber risks as biggest liability risk for managers

When it comes to the biggest liability risks for executives, cyber extortion, cyber attacks and data loss are cited first. WTW's Directors' and Officers' Liability Survey shows that climate change, corruption, pollution and regulation are also threats to executives.

Liability risk: seven top risks are of particular concern to managers. (Image: Pixabay.com)

Managers in Germany, Austria and Switzerland (DACH) perceive cyber risks as the most significant liability risks. This is the result of the annual "Directors' and Officers' (D&O) Liability Survey" conducted by the management consultancy WTW and the international law firm Clyde & Co, for which 610 board members, managing directors and risk managers from 40 countries were asked about their greatest liability risks.

Cyber extortion as top liability risk

The top 3 positions in the DACH region are occupied by cyber extortion, cyber attacks and data loss (Fig. 1). This is in line with the managers' global assessment. "We clearly see the uncertainties and high volatilities that companies are currently facing. They are surrounded by ongoing crises and at the same time have to maintain their business operations. Risk management therefore takes on even more strategic relevance and is particularly supportive of companies at this time," says Kilian R. Manz, Head of Corporate Risk & Broking Switzerland at WTW in Switzerland.

#   Risk                        DACH region   Worldwide
1   Cyber extortion             67%           57%
2   Cyber attacks               67%           62%
3   Data loss                   52%           62%
4   Climate change              52%           42%
5   Bribery and corruption      45%           47%
6   Pollution                   45%           37%
7   Antitrust law/guidelines    42%           37%

Fig. 1: How significant are the following risks for your organization's managers? (Percentage of respondents who answered "very" or "extremely significant").

Cyber and economic risks threaten business activity

Asked about the biggest risks to their overall business, DACH managers also rate cyber dangers as the biggest liability risk: 67 percent of respondents see them as a threat to their business. This is followed by economic risks such as the tight labor market as well as inflation and recession (64 percent), on a par with regulatory hurdles (see Fig. 2 in the box).

In contrast, economic risks dominate the global responses. "Within these risks, companies worldwide feel most threatened by inflation, recession and a shortage of skilled workers," says Manz. The labor market risk, i.e. the difficulty of recruiting and retaining workers, is put at 74 percent in the DACH region.

Cyber: Risk from extortion increases

Threats from cyber attacks and data loss have been increasing in relevance for years and have found themselves in the list of top risks for managers since 2018 - regardless of company size. Since 2022, cyber extortion has increasingly come to the attention of managers. "Cyber extortion demands can be significant depending on sensitivity and data category, which is why attackers focus on appropriately attractive targets," said Leotrim Jasiqi, Head of FINEX Switzerland at WTW. "The criminals' technological edge provides changing dynamics of risk. Accordingly, risk management must be continuously reviewed and adjusted if necessary. While liability risk is covered by well-designed and aligned cyber and D&O policies - insurers may limit this coverage if companies cannot demonstrate appropriate IT security measures."

Climate liability risk: significance lower than expected

Climate change and environmental pollution as D&O liability risks are ranked slightly higher in DACH than worldwide - but for almost half of the managers surveyed, they play a minor role. Only for managers of organizations with revenues of five billion dollars or more does climate change rank among the top seven risks. "Depending on the size of the company, the assessment of critical, serious threats changes," Jasiqi said. "Large, publicly traded corporations have certain disclosure requirements that can increase the risk of an ESG-related lawsuit. For the smaller companies, the risk of insolvency is much more present. Claims related to insolvency present an increased D&O risk." The D&O Survey bears this out, with 51 percent of firms with less than $50 million in revenue rating the risk of insolvency or financial distress as very or extremely significant.

Jasiqi continues: "There are always examples of companies that have not been able to recover from a cyber attack. This tendency is not (yet) apparent with ESG risks. Nevertheless, it can be said that the larger the company, the higher its environmental footprint tends to be. International orientation can also be critical in assessing social and regulatory responsibility."

"Data-based fundamentals support making time-relevant decisions and defining standards. This is all the more important as we must expect liability risks to increase further in the future," says Manz. "Cyber risk is almost unmanageable for many market participants and can only be limited by stronger security measures. Against this backdrop in particular, companies should resolutely put the hedging of these liability risks to the test as part of their risk management process."

Source: WTW

Overviews of other risks

Risks for business operations

| Risk | DACH region | Total |
|---|---|---|
| Cyber Risks | 67% | 62% |
| Regulatory/legislative changes | 64% | 61% |
| Economic risks | 64% | 63% |
| Climate change | 50% | 39% |
| Covid-19 and lockdown measures | 48% | 42% |
| Technological advances (artificial intelligence and machine learning) | 48% | 42% |
| Geopolitical risks | 42% | 46% |
| Diversity, equality and inclusion | 18% | 31% |
| Brexit | 0% | 11% |

Fig. 2: Which risks pose the greatest threat to your company's business operations? (Percentage of respondents who answered "very" or "extremely significant").

New Swiss driver's licenses with high security standards

The Swiss driver's license has a new high-security design. It is produced for asa on behalf of Orell Füssli AG by the exceet Card Group.

New driver's licenses have been in use since April 2023. They are manufactured according to high security standards. (Image: exceet Card Group)

In Switzerland, around 6.4 million citizens hold a driver's license. Approximately 600,000 driver's licenses in credit card format are issued annually. Since January 2023, the Austrian exceet Card Group has been producing the new Swiss driver's licenses in Kematen near Innsbruck using state-of-the-art technology and in accordance with the highest international security standards. Personalization takes place at the certified site in Switzerland. The exceet Card Group received the order for this from Orell Füssli AG. "As one of Europe's leading card manufacturers, we are proud and delighted to have received this major order and to be involved in this project," says exceet Card Group CEO Uli Reutner, emphasizing, "In order for us to be allowed to produce or personalize high-security cards, our sites regularly undergo the strictest certification processes, including the one in Urdorf, Switzerland, where the ID cards are personalized."

Expertise coupled with safety

To ensure that the new driver's license meets the highest security standards, the exceet Card Group works closely with the Swiss authorities as well as the Association of Road Traffic Offices (asa). Haptic security elements that can be easily felt with the finger, UV printing on the front and back, and a tilt image guarantee counterfeit protection. The card body is made of polycarbonate. Personalization, including a QR code readable with a smartphone, is done by laser engraving.

The design and security concept was developed entirely by Orell Füssli Ltd, exceet Card Group's long-standing Swiss partner and general contractor for the project, and meets the highest international security standards. "Launching the new generation driver's license in Switzerland is an exciting project for us and we are very pleased to be able to implement it with exceet Card Group," says Natalia Steinauer, Project Manager and Senior Solution Architect eID at Orell Füssli Ltd.

New driver's licenses in use since April 2023

Since April 2023, the cards have been personalized at the certified site in Switzerland in Urdorf and sent directly to driver's license holders. By centralizing personalization at a single certified site, it is possible to guarantee that the strictest security measures are adhered to. Roland Theiner, Head of Segment Government at exceet Card Group: "The continuous development of the 'Government' segment is a major concern for exceet Card Group. With an order at this high level, we not only experience a lot of trust in our expertise, but can also prove that this trust is well invested."

Source: www.exceet-card-group.com

5G risks recognized, but little investment in security

Companies need 5G technology for their work processes, and many are already using it. Sophos wanted to know more and asked: for around three-quarters of companies, it is clear that 5G requires special security measures, but only 50 percent are actually implementing them.

5G technology promises, among other things, large-scale networking in companies, of machines or in campus environments. In the industrial environment, the risks are well known, but it is difficult to invest in greater security. (Image: Pixabay.com)

87.4 percent of all companies surveyed expressed their need for 5G to connect and network Internet of Things (IoT) and operational technology (OT) in their operations. Among smaller companies with up to 500 employees, this figure rises to 91 percent. These and other findings on 5G security come from a representative survey of German companies conducted by market researchers at techconsult on behalf of Sophos.

Spread of 5G as a business network technology

Just under half of those surveyed (49.2 percent) are already using 5G as an alternative for classic cable or WLAN network connections, for example for devices or machines. Smaller companies are even using it significantly more (59 percent) than large companies (39.4 percent). When it comes to using 5G technology, production and logistics come first (62.3 percent). This is followed by network connectivity between external branch offices and corporate headquarters (42.7 percent) and supply chain connectivity with other companies (38.7 percent).

The vast majority know the risks

One of the greatest risks of 5G is the spying out of data via backdoors of the infrastructure providers - 87.4 percent of those surveyed said they were aware of this. Software vulnerabilities in the network itself that can be exploited by cybercriminals are also seen as a source of danger by 80.4 percent. However, one in five of the IT professionals interviewed (19.6 percent) is not aware of this risk. More than two-thirds (65.3 percent) believe that the threat from increased government influence, such as espionage, is likely.

"Companies are basically correct in their assessment of the threat situation. Because of the complexity of 5G, so are the attacks. So far, almost no one outside of a nation-state has the resources to effectively execute such an attack," said Chester Wisniewski, Field CTO Applied Research at Sophos. "Because the use of 5G technology in industrial environments is not yet as widespread as traditional network alternatives, it will likely be some time before major waves of attacks are expected. Still, it's only a matter of time, widespread use and chances of success before cybercriminals target this network technology as well."

Another challenge in using 5G is that, without appropriate precautions, connections can automatically fall back to 4G or even 3G when network coverage is poor, which brings the risks of these older technologies with it. This is clear to the majority, 80.9 percent, according to the survey. However, one in five (19.1 percent) sees no problem in this.

Too few measures are still being taken

The majority of all companies surveyed (74.4 percent) are of the opinion that 5G technology requires special security measures for business use in the company. But when it came to the question of whether these special steps would also be implemented, only just under half (48.2 percent overall) said they would. At 54 percent, smaller organizations are more consistent in this respect than companies with more than 500 employees (42.4 percent). The rest (43.2 percent) rely on standard security measures. And this is despite the fact that they are aware of the risks that 5G technology brings with it.

"It takes a lot of time and deep technical knowledge to grasp the incredibly long and detailed specifications of 5G protocols," explains Chester Wisniewski, Field CTO Applied Research at Sophos. "Only then can the potential risks of this technology and its features be identified and assessed. Companies need more information and support to ensure security in the specific area of 5G technology, such as security ecosystems including firewalls that support 5G."

Source: Sophos