NCSC semi-annual report focuses on cybersecurity in SMEs

11.05.2023 - The NCSC's second semi-annual report deals with the most important cyberincidents of the second half of 2022 in Switzerland and internationally. It focuses on the most important issues surrounding cybersecurity in SMEs.

Digitalisation is also progressing in small and medium-sized enterprises. Numerous computers are connected to each other via network interfaces. Processes such as order processing, planning, production and logistics are increasingly interlinked and digitally managed. This increases the number of systems that are accessible from the internet and therefore need the best possible protection. However, SMEs in particular often pay too little attention to cybersecurity. For this reason, the current semi-annual report focuses on cybersecurity in SMEs and highlights the most important aspects of protection against cyberthreats. In addition, a business and a police authority provide insight into how specific cyberincidents unfold.

Most frequently reported: fraud

In the second half of 2022, the number of reports received by the NCSC remained very high at 17,341, which was practically identical to the first half of the year. In total, the NCSC received 34,527 reports last year. Of these, 85% came from the public and the remaining 15% from businesses, associations and authorities. The reports concerned various forms of fraud, with fake extortion emails, i.e. threatening emails in the name of prosecution authorities, accounting for almost one third of the reports. Other frequently reported forms of fraud included CEO fraud and invoice manipulation scams.

Unchanged amount of ransomware

Ransomware reports remained constant and accounted for almost half of all reports in the malware category. About one third of the 76 reports concerned private individuals, two thirds involved businesses. The LockBit ransomware is often used in attacks targeting businesses. This malware is known for the fact that not only is data encrypted, but it is also stolen and posted on the internet if the ransom is not paid. Such double extortion approaches are being observed more and more frequently. Since many businesses have recognised the threat of ransomware and now have backups, pure encryption is no longer lucrative enough for attackers. The initial infection in ransomware incidents is often due to a vulnerability or poor configuration, as well as emails with malicious attachments and links.

Hacking reports continued to rise sharply

Compared to the previous half-year period, the number of reports regarding hacking almost doubled in the second half of the year, with 276 reports. In particular, social media accounts are a popular target for hackers, for example to blackmail users or to use the hacked accounts to distribute advertising for investment fraud.

Your opinion matters to us

We would like to know your opinion on the content of the current semi-annual report, so that we can better adapt such products to your needs in the future.

Last modification 11.05.2023

Top of page