#shitrix: security breach in Citrix causes uproar

Fiona Egli
January 17, 2020
Around 80,000 companies worldwide use Citrix. The software application was recently at the centre of cyberattacks that have been the source of considerable attention. Baloise’s Chief Information Security Officer, Marc Etienne Cortesi, explains what the commotion in the media and the latest cyberattacks are all about and how Baloise is protecting itself against cyberattacks.

There’s been uproar on social media: under the hashtag #shitrix you will find thousands of reports regarding the latest cyberattacks. Marc, can you tell us what happened?

Countless companies worldwide use Citrix. A month ago, Citrix informed its clients of a security breach in its remote access software. Last week the software company released a workaround – a short-term protective measure – aimed at closing the security breach temporarily, with a final bug fix – referred to as a patch – promised in the days that followed. Then last week exploits appeared online. Exploits, or malicious code like this, make it relatively easy for attackers to hack into networks. Given how easy it was to exploit the network, the Citrix security breach was categorised as severe, which in turn attracted a lot of attention across specialised media.

But what does this security breach mean for companies that work with Citrix?

A security breach like this entails hackers infiltrating a company’s network and installing and running spyware and ransomware. This allows them to encrypt data and then use this to blackmail the company. Another scenario is data theft, which might leave a company faced with high fines and reputational damage.

How many companies in Switzerland are affected by these cyberattacks? Can you tell us anything about the current situation at Baloise?

I assume that many companies in Switzerland work with Citrix, so the threat is major.

Last week here at Baloise, we detected an increase in attack attempts on our system, but our IT security experts were successful in fending off the hacker attempts. As a result, our clients were spared any losses or damage. We implemented the workaround recommended by Citrix immediately, and, to ensure this was effective, all of our Citrix systems were rebooted. We monitor our network around the clock just as we always have done. Our protocol is to identify, protect, detect and respond.

You are Baloise’s Chief Information Security Officer. How is our company preparing itself for security breaches like this?

Security breaches are the order of the day for us. But not every vulnerability poses the same high threat level seen in the case of Citrix. This is due in part to how exposed Citrix is. The software can be envisioned as a sort of entry portal to a company’s network. With this in mind, a clear information security strategy is of the utmost priority. Our strategy involves clearly defining which data and systems require the highest level of protection, i.e. the most crucial/sensitive. That is why we assign different security levels to these and protect them accordingly. We also monitor all network activity around the clock. This enables us to respond rapidly and to continue to operate systems even in an emergency.

The following factors play an important role in ensuring a company’s IT security:

  • Keeping systems up to date at all times (see Citrix)
  • Training all employees in the secure use of IT systems (including the careful use of passwords)
  • Regular data backups and secure storage of data

Let’s take a look at the future: is the current situation a scary one-off or are security breaches like this likely to recur more frequently in future?

IT systems are becoming more and more complex. In the past, systems were often standalone units, meaning that faults or security breaches could be rectified relatively quickly. The interconnectedness associated with modern life has seen and will continue to see vulnerabilities rise dramatically. It is therefore imperative that this increase in cyber risks brings with it an increase in awareness of them, so that they can be dealt with swiftly and effectively.