Prevent, prepare and prevail: 3 perspectives on cybercrime

by Sebastiaan Bosman Blog 22 Apr 2021

There is no single solution that completely secures your organisation. Just as there are many different ways a criminal can plan his attack, there are many different approaches to orchestrating your defense. Talk to different experts, and they will probably each advise a different focus point. That’s why we invited three knowledgeable cybersecurity specialists from three very different backgrounds to share their experiences and tips.


Are we aware Criminals don't care?

The local baker knows about sourdough bread, not security threats. Still, his website and online personnel registry can be targeted just as well as the digital environment of the city’s town hall or the multinational organisation across the street.

Even though a cyber-criminal usually goes where the most money is, the impact of a successful attack on smaller entrepreneurs is often much bigger. Criminals don’t care about personal circumstances and use fully automated techniques to exploit any digital weakness.

Together with Dave Woutersen (Security Evangelist at NCSC), Pepijn Vissers (co-founder of Chapter8), and Xander Koppelmans (Strategic advisor at Gemeente DNA), we set out to discuss:

Are Dutch organisations sufficiently prepared for a cyber-criminal’s methods and mentality?

Watch the panel discussion (Dutch only)

You can only spend your money once

Dave, Pepijn and Xander share their vision on cybersecurity in the Netherlands by reacting to statements, questions, and audience remarks. An initial poll of the statement “Cybersecurity in the Netherlands is doing well” resulted in a 1-2 against, opening the discussion.

When Dave is asked what one of the most important factors is when an organisation develops its security programme, he says that “you can only spend your money once, so make sure you know what there is to protect, and what the relevant risk is.” He continues, saying he has often seen organisations set up their security without having identified the ‘crown jewels’ or the full extent of their attack surface. “If your asset management is not in order, or you don’t know who is responsible for certain systems, how can you make a sound investment?”


The impact of a hack

Out of the three speakers, Dave has seen the most cyber-attacks take place firsthand in his career. Pepijn has executed the most attacks, and Xander has experienced the most impactful hack.

Xander is a successful entrepreneur, leading a business of 50 people. One morning in 2015, he received a message: "We're being hacked". 

"We literally saw document folders and customer files disappearing from our servers," Xander says. Even though he had invested in firewalls, password protocols, a sysadmin monitoring the servers, and more, criminals used automated brute-forcing to hack the randomised, 10-character password in mere hours. The criminals didn't ask for ransom, they just destroyed everything. 

"We didn't know what to do. How can you stop that? So we pulled the plug. At first, I thought it would cost us a few weeks and roughly 60,000 euro to get back on track."

However, when they restarted the servers, the situation was much more grim. "We lost 85-90% of all our files," Xander said. "The estimated quarter million euros in damages hurt, but we could handle that. The worst part was what it did to everyone in the organisation, their lives at home, the trust from customers... It's many times as bad and lasts much longer." 

Training for a cage fight

Since 2017, Xander has transformed the negative experiences from the attack into a new start for his business, as his network and business opportunities were still strong. He now shares his story with other entrepreneurs, helping them avoid a similar fate.

Pepijn responds by saying that "we learn plenty from our own mistakes, but not from the mistakes of others. You can't expect to beat a cage fighter when you've trained with a punching bag a few times. It doesn't prepare you for that mentality. You have to train as they fight." 

Dave adds from his experience that organisations dealing with a cyber-attack lose too much time mapping their environment and detecting the affected systems before they can start proper incident response. "Before all else," he concludes, "understand what you have to protect."
