
Prevent, prepare and prevail: 3 perspectives on cybercrime

by Sebastiaan Bosman Blog 22 Apr 2021

There is no single solution that completely secures your organisation. Just as there are many different ways a criminal can plan his attack, there are many different approaches to orchestrating your defense. Talk to different experts, and they will probably each advise a different focus point. That’s why we invited three knowledgeable cybersecurity specialists from three very different backgrounds to share their experiences and tips.

Are we aware criminals don't care?

The local baker knows about sourdough bread, not security threats. Still, his website and online personnel registry can be targeted just as well as the digital environment of the city’s town hall or the multinational organisation across the street.

Even though a cyber-criminal usually goes where the most money is, the impact of a successful attack on smaller entrepreneurs is often much bigger. Criminals don’t care about personal circumstances and use fully automated techniques to exploit any digital weakness.

Together with Dave Woutersen (Security Evangelist at NCSC), Pepijn Vissers (co-founder of Chapter8), and Xander Koppelmans (Strategic advisor at Gemeente DNA), we set out to discuss:

Are Dutch organisations sufficiently prepared for a cyber-criminal’s methods and mentality?


Watch the panel discussion  (Dutch only)

You can only spend your money once

Dave, Pepijn and Xander share their vision on cybersecurity in the Netherlands by reacting to statements, questions, and audience remarks. An initial poll of the statement “Cybersecurity in the Netherlands is doing well” resulted in a 1-2 against, opening the discussion.

When Dave is asked what one of the most important factors is when any organisation develops its security programme, he says that “you can only spend your money once, so make sure you know what there is to protect, and what the relevant risk is.” He continues, saying he has often seen organisations set up their security without having identified the ‘crown jewels’ or the full extent of their attack surface. “If your asset management is not in order, or you don’t know who is responsible for certain systems, how can you make a sound investment?”

The impact of a hack

Out of the three speakers, Dave has seen the most cyber-attacks take place firsthand in his career. Pepijn has executed the most attacks, and Xander has experienced the most impactful hack.

Xander is a successful entrepreneur, leading a business of 50 people. One morning in 2015, he received a message: "We're being hacked". 

"We literally saw document folders and customer files disappearing from our servers," Xander says. Even though he had invested in firewalls, password protocols, a sysadmin monitoring the servers, and more, criminals used automated brute-forcing to hack the randomised, 10-character password in mere hours. The criminals didn't ask for ransom; they just destroyed everything.

"We didn't know what to do. How can you stop that? So we pulled the plug. At first, I thought it would cost us a few weeks and roughly 60,000 euro to get back on track."

However, when they restarted the servers, the situation was much more grim. "We lost 85-90% of all our files," Xander said. "The estimated quarter million euros in damages hurt, but we could handle that. The worst part was what it did to everyone in the organisation, their lives at home, the trust from customers... It's many times as bad and lasts much longer." 


Training for a cage fight

Since 2017, Xander has turned the negative experiences from the attack into a new start for his business, as his network and business opportunities were still strong. He now shares his story with other entrepreneurs, helping them avoid a similar fate.

Pepijn responds by saying that "we learn plenty from our own mistakes, but not from the mistakes of others. You can't expect to beat a cage fighter when you've trained with a punching bag a few times. It doesn't prepare you for that mentality. You have to train as they fight." 

Dave adds from his experience that organisations dealing with a cyber-attack lose too much time mapping their environment and detecting the affected systems before they can start proper incident response. "Before all else," he concludes, "understand what you have to protect."

