Around 80,000 companies worldwide use Citrix. The software application was recently at the centre of cyberattacks that have been the source of considerable attention. Baloise’s Chief Information Security Officer, Marc Etienne Cortesi, explains what the commotion in the media and the latest cyberattacks are all about and how Baloise is protecting itself against cyberattacks.
Countless companies worldwide use Citrix. A month ago, Citrix informed its clients of a security breach in its remote access software. Last week the software company released a workaround – a short-term protective measure – aimed at closing the security breach temporarily, with a final bug fix – referred to as a patch – promised in the days that followed. Then last week exploits appeared online. Exploits or malicious codes like this make it relatively easy for attackers to hack into networks. Given how easy it was to exploit the network, the Citrix security breach was categorised as severe, which in turn attracted a lot of attention across specialised media.
A security breach like this entails hackers infiltrating a company’s network and installing and running spyware and ransomware. This allows them to encrypt data and to blackmail the company using this. Another scenario is data theft, which might leave a company faced with high fines and reputational damage.
I assume that many countries in Switzerland work with Citrix, so the threat is major.
Last week here at Baloise, we detected an increase in attack attempts on our system, but our IT security experts were successful in fending off the hacker attempts. In doing so, our clients were spared any losses or damage. We implemented the workaround recommended by Citrix immediately, and, to ensure this was effective, all of our Citrix systems were rebooted. We monitor our network around the clock just as we always have done. Our protocol is to identify, protect, detect and respond.
«Our protocol is to identify, protect, detect and respond.»
Security breaches are the order of the day for us. But not every vulnerability poses the same high threat level seen in the case of Citrix. This is due in part to how exposed Citrix is. The software can be envisioned as a sort of entry portal to a company’s network. With this in mind, a clear information security strategy is of the utmost priority. Our strategy involves clearly defining which data and systems require the highest level of protection, i.e. the most crucial/sensitive. That is why we assign these different security levels and protect them accordingly. We also monitor all network activity around the clock. This enables us to respond rapidly and to continue to operate systems even in an emergency.
The following factors play an important role in ensuring a company’s IT security:
- Keeping systems up to date at all times (see Citrix)
- Training all employees in the secure use of IT systems (including the careful use of passwords)
- Regular data backups and secure storage of data
IT systems are becoming more and more complex. In the past, systems were often standalone units, meaning that faults or security breaches could be rectified relatively quickly. The interconnectedness associated with modern life has seen and will continue to see vulnerabilities rise dramatically. It is therefore imperative that this increase in cyber risks brings with it an increase in awareness of these, so that these can be dealt with swiftly and effectively.