cyber-safe.ch Cybersafety Label to be launched in December 2019

On November 6, 2019 in Lausanne, SMEs, local authorities, professional associations and universities took part in the definition of the cyber-safe.ch label. The aim? To provide a tool for assessing the potential cost of cyber-attacks and identifying the most effective protection measures.

 

Why a label?

The project, launched under the aegis of theSwiss Association for the Cybersecurity Label (ASLaC), is based on a simple observation: although more than a third of small and medium-sized organizations have already been the target of cyberattacks, most remain helpless in the face of these new risks, mainly due to a lack of resources and skills. The aim of the Label? To enable these organizations to identify the valuable data they need to protect, to determine their level of protection, and to implement targeted measures to achieve an acceptable level of cybersecurity. By bringing together experts from a wide range of backgrounds, representing more than 8,500 SMEs and several hundred local authorities, the Label defines requirements that are in line with the realities on the ground.

 

Your cyber risk in CHF

ASLaC was founded in September 2018 to support SMEs that are now being targeted by malicious hackers. For most organizations, determining effective actions from among the many recommendations and best practices is an impossible task in the absence of specialized skills. By adopting a pragmatic approach based on the value of an organization's data and the evaluation of the cost, in Swiss francs, of the cyber risks incurred, the label offers managers an essential decision-making tool for prioritizing the implementation of corrective measures according to their specific situation.

 

A participatory approach

To define the requirements for the Label, the Association mobilizes the knowledge and experience of the relevant stakeholders. Under the aegis of the Association, IT security specialists, representatives of business and political circles, as well as academics and associations, meet to define the acceptable level of cybersecurity that qualifies for the Label. Such a dialogue between specialists and non-specialists in IT security is essential for two reasons: to ensure that requirements are defined in line with the realities of SMEs, and to democratize the cybersecurity issues that concern us all. It is for this reason that ASLaC has been involved in the development of Switzerland's National Cyberrisk Protection Strategy (NCPS), and is a partner in its implementation.

 

Evolving requirements

The requirements defined within the framework of the Label are particularly innovative, as they depend on the value of the data required for an organization to function properly (notably third-party data, relating to customers, suppliers, etc.). Thus, an SME with more to lose in the event of a data breach (loss, leakage, etc.) will have to meet higher protection requirements. These requirements relate to infrastructure security, employee skills (e.g. identification of malicious e-mails) and organizational issues (e.g. data protection policy).

 

An affordable, independent solution

Online questionnaires, technical analysis of the IT infrastructure and phishing tests are all part of the assessment. On this basis, the candidate organization receives a report containing, in particular, the potential damage linked to the risks incurred as they stand and, if necessary, a list of corrective measures to be implemented in order to obtain the Label. Once the measures have been implemented with the service provider of its choice, the organization receives a visit from an auditor, who carries out an inspection and then forwards his or her recommendation to the Association with a view to awarding the Label. To guarantee the independence and credibility of the Label, the Association and the auditors undertake not to sell any corrective measures to applicant organizations, thus strictly preserving its role of impartial and independent advice.

The label is valid for two years, during which time the labeled organization has access to ongoing services, such as vulnerability and phishing tests to ensure that security levels remain at least stable, if not improving. Rates start at 3,000CHF for a small SME. Official launch planned for December 2019 at www.cyber-safe.ch!