“A cyberattack is more expensive than a natural disaster”
This year, for the first time, Bern was host to the Swiss Cyber Security Days. In an interview, Nick Mayencourt and Tom Winter explain how they combined a trade fair and a congress to make cybersecurity more accessible to laypeople, to show the cost of a cyberattack and how small companies can protect themselves against the dangers of the World Wide Web.
Nicolas “Nick” Mayencourt
His company Dreamlab was campaigning for cybersecurity before anyone was talking about it. Now, 20 years later, Dreamlab has branches in eleven countries and can barely keep up with contracts. Nick Mayencourt is the Programme Director of the Swiss Cyber Security Days.
Tom Winter
Since 2021, Tom Winter has acted as CEO of BERNEXPO. In collaboration with the Kursaal Bern and Bern Welcome, BERNEXPO forms the Congress Hub Bern syndicate which is committed to promoting Bern as a location for congresses.
Nick, your company checks how well the systems of other companies are protected against cy-bercrime on a daily basis. Where do you get your inspiration?
Nick: We invest around 40 per cent of our budget into continuous training. Our employees can submit an internal request if they want to test a device, an application, or an installation in our lab. For example, a colleague once checked a robot vacuum cleaner and discovered that the household’s Wi-Fi password – as well as the neighbouring households’ passwords – was being shared with the manufacturer. This is actually the case with all robot vacuum cleaners.
Which contract will you never forget?
Nick: Nick: The "Banco de Chile", which is responsible for around 54 per cent of all bank transactions in Chile, went dark from one day to the next. No network, no ATM, no payment terminal – all systems were deleted overnight. It was a national catastrophe, and we were asked to handle the crisis management. The assumption is that anarchic conditions will arise if a country’s banking system is not available for more than eight hours. Companies want to receive payments. People want to buy food. If that’s not possible, they just go and get it. We had two missions: firstly, to manage the crisis, and secondly, to establish how this could happened. We talked to the banking community, the security authorities, and the president, and managed to set up an emergency bank within two weeks.
How could this happen? The perpetrators hid a Trojan in an application to the bank. They first hacked through the HR department and then through the entire bank network. For months, the devices repeatedly showed minor errors. While all the bank’s resources were being used to fix them, the attackers withdrew money from the system. And to remove their traces, they deleted everything – which brings us back to the beginning of the story. Incidentally, it was the notorious hacker group Lazarus. We were able to establish their identity through good relations with other countries and security authorities. Surprisingly, even in this day and age, you can still count the number of companies able to solve a case like this on two hands. That’s why we can get these kinds of contracts.
How much does cybersecurity cost?
Nick: In 2022, natural disasters caused damages costing a total of 125 billion dollars. Cybercrime caused a total of 5,000 billion dollars. Therefore, a cyberattack is 40 times more expensive than a natural disaster. Nowadays, cybercrime is already the third largest economy after the USA and China. That’s how big this issue is. An earthquake causes visible damage, but when it comes to cybercrime, we humans quite literally don’t “see” the problem. Cybercrime is invisible – but the damage is real and, above all, huge. We want to use the Swiss Cyber Security Days to transform the existing risk into an opportunity.
What do you want to achieve with the Swiss Cyber Security Days?
Nick: There are enough hacker conferences and trade fairs. We want to use the Swiss Cyber Security Days to make the topic accessible to non-experts. Even though technicians are aware of the risks and opportunities, society has not acted yet. Why not? Decision-makers, i.e. politicians and regulators, need more knowledge to be able to make decisions. We want to create a platform where everyone can talk to everyone: speakers with exhibitors, politicians with experts, technicians with laypeople. The goal is to create a community, a combination of technology, trade fair and a social aspect. That’s why this year’s focus topic was “Shaping Cyber Resilience”. Cybercrime is a challenge that cannot be solved individually: not by the police, not by the military, not by Dreamlab. At the Swiss Cyber Security Days, we want to shape cyber resilience today – for a secure future.
What dangers did the experts specifically address in their presentations?
Nick: Brain-machine interfaces are not science fiction anymore. In 2017, a severely disabled test subject from the US-military was able to control a fighter plane via brain plug. One year later, with revised technology, he was able to control three fighter planes and 100 drones simultaneously.
Brain-machine interfaces enable communication between a brain and a computer.
It is already possible to implant memories of a visit to Bern or specific desires in a person by using a patch underneath the pillow in their hotel. That person would no longer be able to distinguish between what is real and what is not. A similar technology has been used for a long time to make life easier for people with diabetes: a patch, usually attached to the upper arm, collects live data of the person’s vital signs, and uses them to initiate the necessary drug cocktail. But we cannot forget that this technology could also be reversed. We are shaping the future today, which is why it’s so important to talk about it today. Dr. Jean-Marc Rickli, Head of Global and Emerging Risks at the Geneva Centre for Security Policy GCSP, did just that by talking about “Immerge Threats” – the risks and opportunities of new technologies such as artificial intelligence, drones, and human-machine connectivity in general.
At the Swiss Cyber Security Days, we usually also communicate the current state of the public target for cybercriminals in Switzerland. Without being asked, we hack around 2,5 million Swiss servers – we are walking right up to the legal border. Banks are the best performers, public administration, research, and healthcare the worst. To provoke action, we are holding up a mirror to society. Everyone thinks the same: “Nothing’s going to happen to me. I’m not interesting enough.” An absolute fallacy. Cybercriminals are opportunists. They don’t consciously choose a target but experiment until they hit something. If you’re vulnerable, you’re a victim. It doesn’t matter if it’s an SME (small business) or a large company. These were just a few of the countless exciting topics from Switzerland and from around the world that we were able to present over these two days.
What role does cybersecurity play at BERNEXPO events?
Tom: We are an SMU with a public profile, so we have to ask ourselves: “How can a normal company protect itself against cybercrime?” In ticketing, CRM … We want to use the Swiss Cyber Security Days to convey the message “Hey, SMEs, cyber hygiene is a thing.”
Nick: Exactly. Cybersecurity is available at affordable prices for small businesses. These are some tips:
keep your software up to date.
get a password management system.
use multiple authentications via SMS or app.
do regular immutable back-ups.
always have a restore procedure to hand for backups.
If you’re diligent about these five points, you have achieved 80 per cent of security. The trade fair showcased free services and products that make it easy for companies to comply with these principles.
Why choose Bern as the new location for the Swiss Cyber Security Days?
Tom: When the trade fair was looking for a new home after its edition in Fribourg, we held a meeting. We quickly realised that the federal city was the right location for this event. Bern is not only easily accessible and disposes of top-notch infrastructure, but it’s also the political centre of Switzerland and home to many embassies, and national as well as international organisations.
Nick: The idea of Bern was fun from the very first second. We had embassy representations on site for the first time this year, as the embassy quarter is practically in the neighbourhood of BERNEXPO. That was a huge enrichment. Portugal showed how they solve IDs and Kenya showed how digitalisation works for them. After years of being untouched by digitalisation, Kenya is now making rapid progress. This is because they are only now entering the process and can benefit from the knowledge they have already gained. In Kenya, agricultural workers, some of whom have no schooling, can now control and automate their own farms thanks to digital technologies. When do you need to irrigate? When is it time to harvest? All of this can be controlled at the touch of a button. So the tables have turned again - today we can learn a lot from them. The presentations were incredibly inspiring.
What are your long-term goals and visions for the Swiss Cyber Security Days in Bern?
Tom: Our goal is to turn Bern into the cyber capital. We welcomed around 2,300 visitors over these two days and are already looking forward to the Swiss Cyber Security Days on 18 and 19 February 2025. We also aim to permanently integrate the topic of cybersecurity in connection with sustainability and digitalisation into our exhibition, just as we have done with e-mobility. The example of the Swiss Cyber Security Days shows that events are often organised around strong personalities and partnerships. Bern is not only well located, right in the geographical centre of Switzerland, it is also the federal city, home to politics and numerous international institutions. We help event organisers to make the right connections in Bern and thus get the best out of their event. The Bern Convention Bureau also provides organisational support where possible. For example, a hotel contingent was made available for the Swiss Cyber Security Days, making things a lot easier for the participants and organisers.
Nick: Exactly. But we don’t just want to focus on this one event a year, we want to establish various events throughout the year. We want to collaborate with other countries and bring in international companies to share their experiences. We want Bern to become the capital of cybersecurity.