Review of SCSD 2024: Cyber is a joint task

The fifth edition of the Swiss Cyber Security Days (SCSD), the dialog and know-how platform on the topic of cyber security, was successfully held on Tuesday, 20 and Wednesday, 21 February. The most important decision-makers and experts in the field of cyber security at national and international level met at the Bernexpo site. The event was attended by over 2,200 people. In his opening speech, Program Director Nicolas Mayencourt drew attention to the fact that cybercrime has literally exploded in recent years. In 2022, the damage was many times higher than the damage caused by natural disasters. For this reason, this platform on the topic of cyber is needed more urgently than ever: "There is a global lack of understanding of the impact cyberspace has on our society. We therefore see it as our task to act as a bridge builder and help the topic gain more attention."

More than 2.5 million vulnerabilities in Switzerland

Among other things, the annual edition of the State of Swiss Cyberspace was presented at SCSD 2024. This is a scientific scan of Swiss cyberspace, which includes all ICT infrastructures connected to the public internet. Over 2.5 million potential vulnerabilities were identified.

Robert Bohls, Cyber Operations Chief of the FBI, and Admiral Dr. Thomas Daum, Inspector of Cyber and Information Space of the German Armed Forces, were among the highlights of the rich program of presentations. Both emphasized that cyber security is not just a national issue, but that international cooperation is needed to master the challenges ahead. Natalie Silvanovich, Team Leader of Google Project Zero North America - an elite group of hackers - showed how they search for and eliminate existing vulnerabilities. Christian-Marc Lifländer, Head of Cyber Defense and Policy at NATO, provided fascinating insights into warfare in cyberspace. On the second day of the event, former NASA Science Director Thomas Zurbuchen also spoke about cyber security in space. He stated without question that NASA and its suppliers have been and continue to be targets of cyber attacks. He regrets that there is still a kind of "culture gap" between tech specialists and cyber experts: for the former, cyber specialists still have the reputation of "compliance police" and bureaucrats, while the latter refer to techies as "cowboys/girls and risk junkies". This gap needs to be overcome by adopting an innovation-driven approach.

A strong signal against disinformation

Disinformation is the most immediate risk to global stability. This was emphasized by Alois Zwinggi, Managing Director of the World Economic Forum (WEF), during his speech. He also presented the WEF's Global Risk Report 2024. Prof. Dr. Touradj Ebrahimi, Professor at the Swiss Federal Institute of Technology Lausanne EPFL, gave reason for hope. He presented the international "JPEG Trust" standard, which will be published in summer 2024 and rolled out worldwide. This will help to ensure the trustworthiness and authenticity of visual media content. Mauro Vignati from the ICRC showed just how far disinformation and cognitive warfare can go: according to a NATO definition, "cognitive warfare" is the most advanced form of mental manipulation of people that makes it possible to influence individual or collective behavior with the aim of gaining a tactical or strategic advantage. There is no question that cyberspace also serves as a means to an end here. Counter-strategies are difficult, as we must soberly note.

And SMEs? How threatened are they really? Christophe Gerber, member of digitalswitzerland.ch's cybersecurity commission, presented a figure that must give pause for thought: Only 14 percent of all SMEs consider themselves to be well equipped against cyber risks. The situation would be different for everyone else. The speaker warned that the risks should not be underestimated. "While large companies are investing massively in cyber security, they are becoming less attractive to hackers. Cyber criminals are now finding SMEs all the easier targets," said Gerber. And municipalities are also at risk, as they are basically no different to SMEs in terms of organizational size. "Many municipalities don't even know who to contact in the event of a cyber emergency." The recommendations are clear: SMEs and municipalities must obtain the relevant expertise, clarify responsibilities (e.g. create the position of a CISO) and, if necessary, purchase appropriate services. It is also important to ensure that protection mechanisms are in place 24/7 and to be prepared for emergencies. "Because it will happen, the only question is when," says Christophe Gerber. And after an emergency, you not only have to clean up and learn the lessons, but also remain operational at the same time.

Positive feedback from visitors too

The visitors were also enthusiastic. Emiel Brok, SUSE Ambassador Switzerland, said of SCSD 2024: "It was absolutely worth the trip to Switzerland. We were able to meet various exponents from interested companies and of course welcome the fact that open source topics are becoming increasingly relevant in the area of cyber security." Ingo Spranz, Regional Director CrowdStrike, echoed the same sentiment: "This was our first time as a sponsor and we were able to make valuable connections, meet customers and listen to exciting presentations. We are already looking forward to the next edition."

The program director of the Swiss Cyber Security Days, Nicolas Mayencourt, was enthusiastic about this year's event. "It is our declared goal to make Bern the cyber capital. I am very satisfied, it was a great two days and we learned a lot," said Mayencourt. The host and CEO of Bernexpo Groupe Tom Winter was also delighted: "Overall, our expectations of the Swiss Cyber Security Days were met. We are now looking forward to the next Swiss Cyber Security Days on February 18 and 19, 2025 here on the Bernexpo site".

Source and further information