As the World Economic Forum (WEF) prepares to convene in mid-January 2026, the Swiss National Cyber Security Centre (NCSC) has published recommendations regarding an expected rise in cyber activity. History shows that high-profile international summits serve as magnets for digital interference, and this year’s gathering in Davos is unlikely to be an exception.
The NCSC anticipates that both participating organizations and critical infrastructure providers could face targeted maneuvers designed to disrupt operations or gain visibility for political agendas.
The Focus on Visibility
According to the NCSC, the most likely threat comes in the form of Distributed Denial-of-Service (DDoS) attacks. These actions do not typically result in data theft; instead, they aim to overwhelm websites and online services with traffic, rendering them inaccessible.
These attacks are frequently orchestrated by "hacktivists" seeking media attention for specific social or political causes. In an unusual move, the NCSC has explicitly asked media outlets to exercise restraint when reporting on these disruptions. The goal is to deny attackers the public spotlight they crave, thereby reducing the perceived success of their campaigns.
Essential Protective Measures
While the motives behind these attacks vary, the NCSC emphasizes that the fundamental defense strategies remain the same as in any other period. For organizations operating within the context of the WEF, three "priority measures" have been identified as most effective:
- Strict Access Controls: All remote access points—including VPNs, Citrix, and webmail—must be secured with two-factor authentication (2FA) or passkeys. This requirement extends to third-party suppliers and contractors.
- Rapid Patching: Systems must be updated immediately. For critical security gaps in internet-facing systems, the NCSC recommends a 24-hour window for installing patches.
- Physical Data Separation: Regular backups should follow the "generation principle" (daily, weekly, monthly). Crucially, these backups must be physically disconnected from the network or stored on "Write Once Read Many" (WORM) media to prevent them from being compromised during an active incident.
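The generation principle from the last measure, worked through as an added example (written for this page, not NCSC code). The retention counts of 7 daily, 4 weekly and 12 monthly copies, the function names and the sample dates are assumptions chosen for illustration.

```python
from datetime import date, timedelta

def select_generations(backup_dates, daily=7, weekly=4, monthly=12):
    """Map each backup date to keep -> its longest-lived tier.
    The retention counts are assumptions, not figures from the NCSC."""
    newest_first = sorted(set(backup_dates), reverse=True)
    # Daily generation: simply the most recent `daily` backups.
    keep = {d: "daily" for d in newest_first[:daily]}
    tiers = (
        ("weekly", weekly, lambda d: tuple(d.isocalendar())[:2]),  # (ISO year, ISO week)
        ("monthly", monthly, lambda d: (d.year, d.month)),
    )
    for tier, limit, bucket_of in tiers:
        seen = set()
        for d in newest_first:
            bucket = bucket_of(d)
            if bucket in seen:
                continue            # a newer backup already represents this bucket
            if len(seen) == limit:
                break               # older buckets fall outside the retention window
            seen.add(bucket)
            keep[d] = tier          # later tiers overwrite: monthly > weekly > daily
    return keep

def latest_clean(keep, compromised_on):
    """Newest retained backup taken strictly before the suspected compromise date."""
    older = [d for d in keep if d < compromised_on]
    return max(older) if older else None

# Constructed sample: one backup per day for 120 days ending 2026-01-18.
END = date(2026, 1, 18)
SAMPLE = [END - timedelta(days=n) for n in range(120)]

if __name__ == "__main__":
    keep = select_generations(SAMPLE)
    for d in sorted(keep, reverse=True):
        print(d.isoformat(), keep[d])
    print("prunable from the online rotation:", len(set(SAMPLE) - set(keep)))
    # An intrusion dated 2025-12-20 predates every daily and weekly copy,
    # so only a monthly generation is a usable restore point.
    print("restore from:", latest_clean(keep, date(2025, 12, 20)))
```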
Strengthening Resilience
Beyond the basics, the NCSC suggests that businesses implement geo-blocking to limit traffic from regions where they do not operate, and deploy Endpoint Detection and Response (EDR) tools to catch anomalies early.
For Swiss organizations, the message is clear: the threat is real, but not unmanageable. By sticking to established best practices, most potential incidents can be neutralized before they cause lasting damage.