The cyber security business – claims based on estimates
This article is written without technical frills to make the topic accessible to people who are not IT-savvy.
What did John McAfee himself once say?
"From the moment they urged me to plant backdoors based on the new regulations for American software companies, I left my company operationally because I couldn't reconcile that with my conscience."
It is an open secret that many manufacturers of malware, antivirus or entire TTA/ERD solutions not only exchange information with intelligence services, but also receive funding from them in addition to cooperation.
This has long been established in the American context, as American legislation requires software providers of all kinds to install backdoors. This also applies if the server is located in Switzerland, because the Americans don't really care. It is less well known that this is regulated in the European context by means of a personnel relationship or money. The same goes for the fact that this type of interference can also affect internet service providers or fintechs.
In Yerevan, Armenia, where an Eldorado for software programming has now emerged, the majority of American and German services have also taken up residence in companies that program solutions for well-known providers on the European market. Here, things happen far away from the actual headquarters of the provider. Whether knowingly or unknowingly, it doesn't really matter.
Although Armenia, as a former Soviet state, is certainly close to Russia, albeit politically dwindling under the current leadership due to the influence of the USA, the country also has over 3,300 NGOs today - as of November 2024 - i.e. one NGO for every 300 citizens, which exert enormous influence at various levels, including cultural and media professionals. While the Russians are present with three NGOs, mostly as sponsors in the cultural and educational sector, the 88 percent of US-dominated NGOs mostly operate by awarding money, tied to conditions that have to be fulfilled. The large remainder, which squanders German taxpayers' money in Yerevan (approx. 2 billion euros), is also distributed among "the interests of the company". An important aspect of the German company here is not only the implementation of the SDGs but also the implementation of German law.
Of course, George Soros also has his foundations here. In addition to the Open Society, he also runs 13 other NGOs. So it's an exciting environment. But at some point you have seen it all and focus on life and work.
Back to cyber security: In a global context - and Switzerland is no exception - hacking or sniffing attacks are now mostly attributed to Russians, Chinese or Iranians, at least that's what you hear from the media as an average citizen. Such attacks, which take place via servers in Switzerland or Europe as a relay and are primarily directed towards the Middle East, are also primarily attributed to the protagonists, often in small print, as follows: "Source origin based on estimates" or "likely to medium Russian origin", which means nothing other than that they are circumstantial. Often based on rudimentary own research, which is published as conclusions of origin. And then they say: The Russians did it! Or it was the Chinese!
Many Western analysts can't even distinguish between Russian and Ukrainian words when they find a few clues in the depths of the web. Of course, a good 83 - 87 % of all hacker attacks today are of a state nature. A small part is due to ethical hacking groups and the rest is actually criminal in nature.
However, there is absolutely no exchange between the states themselves. They probably don't want to make a fool of themselves. A Swiss FIS would never make inquiries in Russia about a particular group or so-called hacktivists, not even at a diplomatic level. Take TAG110, for example: the group is often attributed to the Russians, although there is a lot of Ukrainian information about it. So if you ask the Russians about TAG110, you get the answer: "Of course we know them: Should we put you in touch with them in North Korea? They also have a few well-paid Ukrainian strikers with them, but the mood there is bad at the moment."
When I read threat reports, PoC or leaked data reports, I primarily focus on how it is structured and orchestrated. And the question often arises in my mind:
Would the Russians really cyber-attack Iran, where there are excellent bilateral relations? And via Swiss relay servers? Hardly. And since StuxNet, we also know that US and Israeli interests tend to take the upper hand in keeping potentially emerging economies small until they can go and harvest them themselves. Of course, the Chinese and Koreans (South and North) are no saints either. It is now part of every state to keep an adequate hacker force running.
Not to do so would be simply negligent in today's context of information procurement. Here, too, Switzerland is lagging behind. Although Arma-Suisse likes to recruit people at lectures in the "Suurstoffi" as part of the HSLU lecture series, to my knowledge the NDB - where the cyber security force is currently based - does not have the necessary resources, which it would certainly need.
Private resources ...
Let's take a look at the six privately funded cyber security threat detection centers that are tied to at least one cyber security solution provider and their resources:
- 160 to 220 people
a mix of cybersecurity specialists, programmers, senior network engineers, system engineers, analysts and cryptographers, who operate at least 15,000 honeypots of varying degrees of difficulty around the world, but also take apart all CVEs and PoCs, and then equip their solutions with the appropriate testing mechanisms. Sometimes a game of cat and mouse.
And there are no more than six private threat detection centers in the world. The remaining players are state-run.
... vs. state resources
These figures look very different for state actors. Bloggers for disinformation and propaganda are also playing an increasingly important role these days. Some states such as the USA, China and Israel operate their own divisions according to skill sets and areas of responsibility. Here are a few figures for China, estimated from information from Western publications over the last few years:
- Elite Hackers: approx. 1200 people
- Sniffing & penetration: 2500 people
- Analytics: 7000 people
They actually work in state-controlled factories, but decentralized.
For a country with 1.7 billion citizens, the resources required are reasonable. Israel has roughly the same resources. For the Americans, with their fusion of various departments, NSA and sister company BND, the figure is likely to be many times higher. In addition, the structure is much more fragmented between the CIA, NSA and the US military, DOD and Homeland Security. In addition, the Americans are directly involved in the tech companies, as are the Israelis.
One well-known Israeli force is UNIT 8200, designed as a state-run secret cyberwarfare unit. Compared to other state troops, it is extremely active, including in the global online propaganda context. It also likes to infiltrate so-called trusted flaggers/fact checkers in the social media, but of course the focus is on gathering information that goes beyond the purely online world. The number not only has a symbolic numerological character, it also reflects their troop strength.
Targeted allegations and finger-pointing
To this day, I personally find it very funny that Kaspersky and Huawei have been accused of installing backdoors and are still holding on to this today in plenary halls or lectures, even though it has never been proven. On the contrary, both companies were never interested in playing with fire, not only for reputational reasons, but also for ideological and market reasons.
The fact is that Huawei has refused to install backdoors for (L)I (Legal) Interception in the 4G components and nodes, in accordance with the American request, on the grounds that these could paralyze a network once in the wrong hands.
If something like this comes out, you're off the market as a provider. Just like Krypto AG from Switzerland (note: the Federal Council already knew about it in 2017, it became public shortly before humanity was crowned in December 2019 and then quickly disappeared from the media radar).
But even an accusation is enough to take market share away, to force EU regulations that this or that provider may no longer be used. Or to take the wind out of the sails of an up-and-coming provider because it is really good at what it puts on the market (ZDF Boehmernann/BSI/Protelion/Fäser - in court with a claim for damages, ZDF has been proven wrong in its accusations).
lost).
Which in turn shows that it is not about rational technical facts or real verifiable incidents, but purely about ideological and geopolitical decisions and, on top of that, what the gentlemen on the other side of the Atlantic have to say. Unfortunately, it has to be said, the whole of Europe is dancing to this.
To summarize, you could also call it an information war. Led by the American and Israeli states. Even the British, so far unmentioned here, are not green behind the ears.
The ever-evil Russian
Interestingly, since September 2024, all internet providers in Russia have not only blocked the VPNs of all traditional EU and US providers, but also the domestic ones - all mobile operators are able to detect and reject shadow socks on the fly on LTE radio antennas. This makes it more difficult (not impossible, but with greater effort) for other actors who pay for resources in Russia to operate from Russia, and also makes it much more difficult to use servers located in Russia for sniffing and attacks.
Of course, you hardly read anything about it in the Western media, but that's not surprising. It simply wouldn't fit into the narrative.
A few days ago, when I attended a conference organized by the ÜPF (Legal Interception 2024), which was quite interesting, the FIS presented Russian cyberattacks as one of the greatest threats to Switzerland and Europe. When one participant asked at the end of the presentation whether the geopolitical tensions, the war in Ukraine and so on, had changed the balance of hacker groups since 2022, in particular the geographical allocation of such attackers, for example whether those from Russia had increased significantly, the Deputy Head of the FIS had to answer in the negative. These are at the same level as in previous years and are more or less in balance. In short, he himself contradicted the slide he presented within a few minutes. But the man doesn't have an easy job either, it should perhaps be added.
Disguised as Russian
The bottom line with malware is that once you have identified and partially decrypted it in order to study the code, and then you discover something Russian in the comments in the code, you show it to a native Russian, who often has to say: "It looks like a machine translation". Or: "That's Ukrainian. I know what he wants to say, but we would express ourselves differently. That wasn't written by a Russian."
It is part of the game to lay tracks so that someone other than the originator is suspected. And one of the oldest basic principles that an intelligence officer has to master.
There are hardly any saints in this industry, regardless of whether they operate from Switzerland, Germany, Ukraine, Russia, China or Israel. Everything else is a whitewash, along the lines of: fits the narrative perfectly. After all, hacker activities from Kazakhstan, Uzbekistan and Azerbaijan are far higher than those of the Russian Federation. We can see this ourselves in our own honeypot infrastructure.
Hotspot Caucasus
Poor" Armenia is also at the forefront. It is not for nothing that Apple, like Google, has introduced restrictive filtering measures against traffic from Armenia; Apple even went a step further for its messaging app, formerly known as iMessage:
If you remove an Armenian SIM card from your iPhone, its messages and Facetime immediately become useless. Because of spoofing. If you do this with a Swiss SIM card, you have three weeks to reinsert the SIM card as verification and can continue to use the apps with the registered identifier. Of course, there is a reason for this.
In Armenia, there is another special feature: Since Russia's special military operation, many so-called lifestyle or tech bloggers have fled Russia and are not only scattered around the cafes and restaurants in Yerevan every day with their D-Link or Peplink SDWAN LTE devices.
Many of them indulge in a nice lifestyle around Sewan Lake, where they go surfing or sailing during the day and get down to business in the camping bistro in the evening. As we discovered during our family vacation there.
If you really want to, you can collect these over 5000 lifestyle-oriented protagonists truck by truck. A popular spot on Lake Sevan is the right bank of the lake towards Azerbaijan. The places there are also full when the schools and universities in Armenia reopen.
Towards winter, they head to the ski resorts around Tzakhador. The ladies in these groups, who often sit at the headset, treat themselves to a good, expensive drop of white wine or Prosecco from 3 pm. You have to earn that first. Of course, there are also many Ukrainians who work from Yerevan. You can recognize them by the tattoos on their upper arms or calves. Seeing a tattooed Bandera is much easier than finding a Van Gogh in a museum.
But if you talk to the people in charge here, who have just as little control over their own safety, you get the answer: they have other things to do. It's like the Hydra. If you chop off one head, two new ones grow. Which is all to say that it is professionally organized. Very professionally. A gentleman at Sevan Lake, he was a product manager for an Armenian start-up, proudly told me the night before that he had nothing to do with the riff-raff over there. He was doing something else, would I like to see it? Sure - I want to.
"Look, I'm doing something with SaaS, I'm currently designing a small SaaS front end and small ERP for car garages. First for the American market. How long have you been here?" - A while now, why? Can you imagine what the Americans have in common with the Armenians in the automotive sector?
Sure, I could: "Every second car here has a broken windshield, even if it's a Porsche Cayenne, he won't fix it." - "Yes, exactly, and in Europe you have Car Glass, such a quick repair service for windscreens." - "Yes, we do, because you have to fix it quickly by law," I added. He continued: "Look, my brother lives and works in the USA. He's a SysAdmin at one of the larger insurers. And he's got the data on all the car garages that are insured there, from small to medium-sized and the really big car garages, and we know everything about them. We make them a targeted SaaS offer, designed for small to medium-sized garages.
This is structured differently in terms of price, depending on the size of their turnover and number of employees for faster settlement with the insurers. In the industry, it's like in banking, open API standards. In addition, they can also have extra services similar to a Wix website and professional functions for booking appointments as well as a small mini ERP specifically for car garages. And most of them will need that. That's how we bind them to us. And know everything about them. You're Swiss, right? You have a provider, Bexio, which is also owned by the insurers, so they know everything about their corporate customers, booked turnover, their suppliers, stock and so on.
This has made it more difficult to 'cheat' insurance companies in the age of big data. But in principle, we are now doing something similar in the USA. And later we'll adapt it here for Armenia, because we'll get to see how the suppliers scale data and prices and discounts: Isn't that cool?
One 'brother' opens an insurance company, the other 'brother' opens an import/export company and we then get the garages as customers here too and do good business along the entire value chain. And at some point, it will become mandatory to repair broken windscreens here too. Then we'll be ready and cash in. We will be at least 18 months, if not two years, ahead of others before they can catch up.
I nodded: "It will be a good business." He grinned and continued: "I'm only involved a little but well kept with 6000 dollars a month. The local Armenian company has investors. Also from Europe. The costs are incurred here and not in the USA. Maybe we can stay in touch and do something in Switzerland?" - "Sure, of course. But tell me. Don't you have a guilty conscience with your brother's data?" "C'mon my dear - that's business as usual!"
"Look, this is my design flow for the database, for new garage registrations." He showed me the details, we zoomed in and out. "Maybe there's another identifier?" I asked him.
"Well, I don't do that. As product manager, I only define the minimum. The other guys have to program it, they'll probably know where to put what." I couldn't let it go: "But look, your tool allows you to select the line here and set and define it." - "Yes, yes, but that's not my job." The answer reflects the Armenian mentality a little.
It was a very exciting stay at the campsite. And I actually exchanged numbers with some of them. You never know ... But the vacation was coming to an end and we had a long journey home ahead of us. The schools open on Mondays. And I was sure the other group had already bought new SIM cards.
On the way back from our summer vacation, we went shopping in one of the many Yerevan City stores, which is comparable to a Coop in Switzerland and belongs to an oligarch family. As luck would have it, I bumped into Samuel as I was rushing around the shelves. Both were surprised, but hugged each other briefly and exchanged a few phrases. "I am glad to see you man, and I am sorry, I know we should go for a coffee or lunch since a long time, but man, I am still busy to find the root of the Pegasus Spyware Attack against our leaders." Samuel is practically the cybersecurity guru of Armenia, on TV every week, reporting on the dangers of SMS and Facebook Messenger phishing, the latest scams to protect his countrymen. But he has also been very busy, in his own words, fighting against the PMC Wagner squad and their online propaganda factories, in the American context of course, as his CyberHub has a good connection to the CIA, which has its second largest global headquarters in Yerevan. And anyone with a bit of knowledge also knows that the Russian "troll factories" were defeated by the Western propaganda machines at a ratio of 1:100, or were never really good at it.
Officially, the Pegasus infection of Prime Minister Pashinyan and his six closest cabinet members is attributed to Azerbaijan, and this is how it was reported. It fits into the narrative of the Nagorno-Karabakh stories and is a tear-jerker.
Of course, everyone knows that the use of Pegasus by the Israelis always has to be "approved" first and that it is very unlikely that Israel would license Pegasus to its arch-enemy Azerbaijan, which maintains excellent relations with Iran. (And so you see: cyber security is geopolitically oriented.) It was the Americans who simply want to know whether the investments made in the country are being implemented by the leadership in their interests. Certainly not the Azerbaijanis. As we had only spoken about this together almost six weeks ago, I was surprised that he and his ArmaSec and Cyberhub had not made much progress. His problem was:
"André, I know you don't want to have anything to do with this kind of thing, but we're still in the dark about where they've all identified with it. It's a big challenge that still boggles our minds, and you know it's almost impossible to say with absolute certainty. But they want answers from us."
Well, I told him this. "Look my dear, take a look at Spain. The same thing happened there. And they had the same things in common as your government members: all their children attend the same elite university, even with you, all their children are at the same elite university here in Yerevan, an American one, and your masters drive them there too and have saved their WLAN access, don't they?
"Oh shit, man, you could be right, it makes totally sense now for me, but we can't investigate there."
I advised him to talk to the National Intelligence Service about it. He replied that "that won't work because the government didn't even go there with the problem, but came straight to us". Why, I asked him? "Well, because our chief Nicolai doesn't think it's cool that the national service is rather neutral and doesn't support the anti-Russian line. And that reduces the government's confidence in possible results or instructions."
I couldn't help but laugh and replied, go to school, check all the IT employees and you'll get there. And if you have any suspicions, ask your colleagues (Americans) for more information about these employees. And if you don't get an answer, you know where you stand." He smiled back: "Yes, that's definitely doable. I don't really want to know, but I have to earn my money too ..." "Cya and I'll get in touch for a coffee, yeah?" - "Sure, go ahead." Although I knew he wouldn't call. He didn't either. But that's fine with me. Otherwise I would have to start charging a consulting fee at some point, which is not ideal due to the geopolitical situation, and I set myself a clear objective in January 2020 that I would only focus on SMEs and enterprise customers. And that the days of dealing with rabbit warrens are definitely over for me. I wouldn't want to miss it, it was definitely interesting, but it can be quite exhausting when viewed in retrospect.
It should be noted that iQcom has no business activities in Armenia. The author, a Swiss national, is married to an Armenian woman, the father of three children, and is a regular visitor to Armenia and Switzerland.
By the way: With key-based symmetric VPN solutions, you can get in or out of Russia even without the devices being certified by the FSB. You simply have to disguise the endpoints properly. For example, as a Netflix IPFS node. But then the effort is greater. But as long as Whatsapp and Telegram still work, which is no longer the case with Facebook and Google, the effort is only worthwhile for programmers, media professionals and the like.
The crux of trust
As an SME or medium-sized company, you need to have one thing above all else when it comes to cyber security: trust and confidence in the solution provider. In general, it is advisable to employ a cyber security specialist within your own organization who has at least five years of experience in the real economy after graduation. And, of course, experience with solutions that include policy management, live queries and, if necessary, machine learning, and who also knows how to use this, i.e. can also automate some things in a coherent manner.
The whole thing is paired with employee communication and EULA guidelines and regular training every one to two years, where everyone is shown what to look out for themselves without scaremongering. Nowadays, many people break out in a sweat when they receive an e-mail containing an attachment. That's a bad sign. Of course, nobody wants to be to blame. But if the fear is greater because the organization itself cannot ensure security, this is not only a wrong development, but also inhibits efficiency due to the fueled insecurity of the respective employee.
In addition to a firewall and endpoint security, network security should also not be ignored, but is more worthwhile in terms of cost for organizations with several locations. And of course there are various data centers where you shouldn't have any hardware in there either, according to the reverse motto: "Look, trust, who."
Goals and intentions
We learned above that, depending on the year, only just under 11 to 14 percent of malware and hacking attacks are attributable to criminal organizations - mostly operating from Ukraine, Balkan countries, Turkey and a few African states as well as, very increasingly, from India and Pakistan.
India and Ukraine are big contenders, followed by the Balkans, the Africans and the Turks. These attacks are usually associated with ransom demands, which for small and medium-sized companies often approach the €200,000 mark and have to be paid in either Bitcoin or Etherium.
The Indians look for their victims mainly in the USA and Great Britain, the Ukrainians and Turks in German-speaking countries because they also speak German. In other words, we have an enormous number of people with a migrant background in this business who grew up in Germany, Austria or Switzerland, or at least learned German, and then later moved back to their home country. And it would be easy to carry out a dragnet search with existing data here too, if you really wanted to tackle it. If there's one thing the data-hungry state knows how to do, it's manage personal data, isn't it?
The scams are different: Sometimes they pretend to be Microsoft and that something is wrong with your license code for Windows 10, call the victim with spoofed VoIP numbers, then send them a remote access link to check the matter through their support staff.
If the victim has already been taken in and downloaded something that ran a bash script in the background and set up a reverse tunnel to the attacker, then they can easily take two to five months to observe the target, rummage through their photos and files until they find something that makes the victim vulnerable to blackmail.
Then the question often arises for the organization concerned and the law enforcement authorities: What is more efficient? To pay and to be able to work again? For the law enforcement authorities, it is often a game of cat and mouse that is enormously resource-intensive. Not infrequently, but not across the board, it is also about obtaining intellectual property or information for a competitive advantage, where a competitor hires someone to do it. Often, these companies are not even aware of this and think it is only about ransom money. It is often difficult for laypeople to understand the real data outflow because the blackmail is based on a picture, a chat message from a loved one or the encryption of the entire data.
The situation is different for state actors. From paralyzing critical infrastructures, gathering information, often also targeting companies in order to sound out the vulnerability of political opponents, cause damage or even siphon off intellectual property or pending patents in advance. This was already done with the Echolon in the days of the fax. Siemens knows the tiresome game with the Americans very well. And of course it's costly when tens of millions are invested in the research and development of a solution or a device and the American patent office gets a fax processed 8 hours earlier than they did in Bonn back then. Not much has changed today. On the contrary, many people have put their valuable data in the American cloud for a lot of money.
Fatal mistakes and their costs
Unfortunately, it's not much different in the D-A-CH region than it is globally. Many small to medium-sized companies have a firewall - if the worst comes to the worst. If they have one at all, then for budget reasons without intrusion prevention or TDA/EDR solutions. You often hear: I have everything in the cloud anyway. It's statements like this that make someone like me shake their head twice. And the consequences and costs are fatal if you get caught out. And it usually comes from the cloud from
Office365 or other American service providers. This is because only the rudimentary core services are operated there, which do not offer comprehensive protection and in principle do not protect against anything. Protection must be provided locally in the office and on the end devices. Many owners of small to medium-sized companies still don't seem to have understood this in 2024.
The total amount of ransom demands paid in Switzerland alone exceeded CHF 125 million for the first time in 2023. This does not include the follow-up costs for loss of working hours, lawyers, law enforcement authorities and restoration of productivity. In the EU as a whole, the figure is in the billions, not including the gray area of unreported incidents due to shame, a sense of honor, etc. The Zurich cantonal police estimate the number of unreported incidents to be many times higher.
These are tidy sums that go to a small number of criminal hacker gangs every year, who use them to treat themselves to a life of luxury, often in the Seychelles or the Cayman Islands.
The next time you, as a reader, are on vacation in the Seychelles and see a man or woman in a deck chair or at the bar with a notebook, make it look as if you are watching the person. There's a good chance that after a few minutes, they'll get nervous and go on their way ...
Of course, the authorities also work together internationally whenever possible, but often their hands are not only tied because certain countries do not participate in all treaties/cross-border agreements. A person suspected abroad also has more rights to legal information about what is being investigated against him and to what extent, and can therefore often escape possible charges...
Backgrounds and solutions
There are many roads that lead to Rome. Considering the fact that the major cloud providers such as Microsoft Azure/Office365 and AWS are still among the biggest virus and malware slingers today, in addition to the fact that they also index and analyze all your files, and thus also your trade secrets, intellectual property and, above all, who had contact with whom and when. Since 2009, the providers' solutions have also been able to display this in real-time spider diagrams with the bubbles of interconnections.
During the Ukraine crisis, American service providers such as Microsoft Office 365 and Google Business (#GAFAM) took advantage of this with the "OFAC" list managed by Standford University, and within a short space of time put tens of thousands of companies in Europe out of action, completely ruining their owners privately if the organization had previously done legitimate business with Russian companies from Europe. In short, Microsoft and Google searched their services for invoices, documents in general, as well as contact details of their own customers, and did not even do this manually, but transmitted it to the OFAC list via API.
The consequences for these companies, some of which worked as suppliers for other companies and some of which had never done business with Russian companies themselves: Termination on the part of Google or Microsoft, with a short window of opportunity to transfer gigabytes of data, followed by bank account terminations, most notably Deutsche Bank and UBS AG. The media: they remain silent.
So much for your privacy with the American cloud providers: Zero. Of course, this also applies to pupils and students who have to work on Office365 at their institutes. Not even the school essays and the students' thoughts are free anymore, but are officially used at least for training the American AIs.
Considering that there have been no changes in the vulnerability of operating systems in the last 30 years, perhaps it would be up to the company boss to pull the lever. Microsoft Windows, whose core architecture even with Windows 11 still consists mainly of technology from 1978 with .DLL, once founded by a self-proclaimed philanthropist who liked computer viruses so much that he also participated in anti-virus solutions, and later also dealt extensively with viruses for humans, is sometimes the market leader in the public sector, some industries and, thanks to its global distribution, the number one cause of malware and virus spread.
And if you really want to keep Windows secure and protect your privacy, you will still have to reinstall it in 2025 with various tweaks via AtlasOS (https://github.com/Atlas-OS/Atlas) and in this day and age, where SysAdmin and CTOs prefer to hand over responsibility to cloud providers instead of getting into their pants themselves, this is unfortunately a rare rarity.
What you see more and more often in the SME environment is Apple's macOS and not infrequently because the iOS experience has also been convincing over the years. But pure Linux environments are also on the rise. And an enormous amount has happened in the Linux sector for normal users in the last seven years. More and more users are realizing that with Linux OS, even a Xerox or Ricoh MFC can be configured cleanly within seconds via Bonjur/mDNS, and that even the little girl from Lieschen Müller can fold and staple brochures on Linux. At a time when there are a million apps in the best Linux app stores and the majority of people work with browser-based cloud solutions, this is definitely worth discovering. And it significantly reduces IT costs.
Making targeted investments in cyber security is not only worthwhile in the long term, it pays off. And it also leads to a more relaxed atmosphere in the workplace. I've often heard the boss yell at customers. "Don't click on the attachment!" Everyone trembles. But in this case, it would have been perfectly okay.
Conclusion
Finally, I don't want to advertise any companies or software solutions here where you can get this or that, which you should at least have as protection, especially in the Windows world, because I personally always like to analyze this individually for each organization. However, I would also like to add that many in the DevOps area also get a lot of poop in their dockers, which is why our team only considers a holistic approach that fully incorporates the cloud infrastructure - wherever it may be.
But the SME owners, especially in the D-A-CH region, have to give themselves a jolt and set themselves up correctly according to their needs and special features. This also applies to macOS users.
We are happy to advise SMEs personally, because it is not just office or fiduciary companies that are affected. It is also not uncommon for a joinery with a CNC park to be affected. And if there is an unprotected NAS lying around with the CAD or GEO data, then "good night at Sechsi". Sending 20 employees home for one or two weeks can be fatal. And what we offer Fortune 500 organizations is also suitable for SMEs, tailored to their needs and affordable. And above all, we don't work with "top sellers" and a chart where you can see who has sold the most licenses or plugins or modules, as is the case with many providers. The customer pays for what he wants to prioritize.
Finally, an answer to a much-asked question of perception, which is entirely justified by the Snowden and Wikileaks revelations:
Are there any secure cloud solutions or data streams today that are truly protected from third-party access?
Yes, they do exist. And as is so often the case in life, you don't have to look far for the good stuff. There are several Swiss providers. If you would like to find out more, you are welcome to subscribe to our newsletter, which is published about four to six times a year.
If you are interested in the topic of whether Swiss service providers are generally clean, we recommend the DDPS publication here (2x80 pages), which you are welcome to enjoy with popcorn and potato chips like a little thriller:
Incidents in the Cyber Division of the Federal Intelligence Service Part 1
Incidents in the Cyber Division of the Federal Intelligence Service Part 2
Of course, the average consumer likes to say: Oh, I have nothing to hide. Except for your business secrets, your contacts, which lead to and guarantee your long-term success. This is exactly where the American cloud providers come in. It could be that next month an American company opens a branch in your town and actively approaches your customers in your industry. With special offers. The Chinese are no different. But they also tell themselves:
"If the Americans siphon off Europe and make it uncompetitive, then anyone can order directly from us at factory prices. At the expense of the long-standing distribution companies and ultimately in terms of service quality for the end customer."
Since the introduction of the new FMÜ tool, Switzerland has been a world leader in the field of legal real-time surveillance following a crime or involvement in criminal activities, and many other countries are hugely impressed by the possibilities.
Unfortunately, Switzerland has also been far ahead of the rest of the world in terms of illegal real-time surveillance and data retention since 2020/2021, but that is beyond the scope of this article