Cyber Security
What’s it about?
Digitalisation is opening up an array of new opportunities, thanks to enhanced efficiency, increased flexibility and outstanding innovation. However, as business’ networks are growing, this also leaves companies ever more vulnerable to cyber attacks. According to a survey carried out by Digital Switzerland on behalf of Mobiliar (2022), a third of SMEs have fallen victim to a cyber attack in recent years. Cyber criminals are setting their sights on SMEs with increasing frequency as they do not have the same means to defend themselves as larger enterprises. Cyber attacks can cause substantial financial losses for companies, along with reputational damage, and even interrupt a company’s operations to the extent that their very existence is put at risk.
Digitalisation is opening up an array of new opportunities, thanks to enhanced efficiency, increased flexibility and outstanding innovation. However, as business’ networks are growing, this also leaves companies ever more vulnerable to cyber attacks. According to a survey carried out by Digital Switzerland on behalf of Mobiliar (2022), a third of SMEs have fallen victim to a cyber attack in recent years. Cyber criminals are setting their sights on SMEs with increasing frequency as they do not have the same means to defend themselves as larger enterprises. Cyber attacks can cause substantial financial losses for companies, along with reputational damage, and even interrupt a company’s operations to the extent that their very existence is put at risk.
And despite this, plenty of people whose job it is to be responsible for this area aren’t yet aware of these pressing threats. When asked, many say, ‘We’ve got an IT provider. They’ll be on top of the IT risks.’
But:
- IT providers generally aren’t experts in IT security
- IT departments often have their hands full with their day-to-day work
- Lots of cyber attacks aren’t due to systems being hacked, but rather due to human error or process errors
What’s Aeberli’s solution?
We have worked with our AGN network partner MTG Consulting GmbH to develop a three-phase cyber security concept so companies can address this issue in a targeted manner. Every level in this concept can be seen as a standalone module that can be commissioned independently depending on the company’s need.
We have worked with our AGN network partner MTG Consulting GmbH to develop a three-phase cyber security concept so companies can address this issue in a targeted manner. Every level in this concept can be seen as a standalone module that can be commissioned independently depending on the company’s need.
Cyber security analysis (module 1)
The cyber security analysis involves your company being subjected to a holistic cyber security investigation. A risk-focused approach is taken to identify the biggest technical and process-related risks facing your company. The cyber security analysis includes technical audits of the IT system in place, process audits and extensive documentation to lay the groundwork for drawing up a long-term strategy. On request, a roadmap can be created along with the analysis so you can prioritise which, if any, weaknesses in the IT infrastructure to tackle first and approach this work in a sustainable fashion.
The cyber security analysis is not intended to simply uncover security flaws in your IT system. Rather, it is designed as a structured way to identify the biggest risks and to draw up tangible steps and recommendations for the sustainable improvement of IT security at your company.
The cyber security analysis is not intended to simply uncover security flaws in your IT system. Rather, it is designed as a structured way to identify the biggest risks and to draw up tangible steps and recommendations for the sustainable improvement of IT security at your company.
Cyber security projects (module 2)
In phase 2, dedicated projects see technical or process-related measures being summarised and implemented accordingly. We serve as a neutral consultant to support the execution of these projects, making our expertise available to your IT department or IT service provider.
Construction of an ISMS (module 3)
In phase 3, we consolidate the work performed in phases 1 and 2 to construct an information security management system. The goal of this is to sustainably establish information security at your firm – and provide evidence of this, too.
The ISMS is constructed in line with a recognised norm (e.g. ISO or BSI), enabling you to prove your company’s IT security credentials to external parties.
The ISMS is constructed in line with a recognised norm (e.g. ISO or BSI), enabling you to prove your company’s IT security credentials to external parties.
What effort can you expect?
All our work (modules 1 to 3) is performed by acknowledged IT security experts from within our network. Aeberli coordinates the involvement of these experts and the project is overseen by your account manager. The below table provides an indication of the amount of time required for the cyber security analysis:
All our work (modules 1 to 3) is performed by acknowledged IT security experts from within our network. Aeberli coordinates the involvement of these experts and the project is overseen by your account manager. The below table provides an indication of the amount of time required for the cyber security analysis:
Work
Company size
Time required
Module 1
0 – 49 employees
3 – 4 days
Module 2
> 50 employees
5 – 6 days
Modules 2 and 3
not relevant
as necessary
