<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
German website

Prevent, prepare and prevail: 3 perspectives on cybercrime

by Sebastiaan Bosman Blog 22 Apr 2021

There is no one solution to completely secure your organisation. Just as there are many different ways a criminal can plan his attack, there are many different approaches to how you can orchestrate your defense. However, you can talk to different experts, and they probably all advise on different focus points. That’s why we invited three knowledge cybersecurity specialists from three very different backgrounds to share their experiences and tips.


Are we aware Criminals don't care?

The local baker knows about sourdough bread, not security threats. Still, his website and online personnel registry can be targeted just as well as the digital environment of the city’s town hall or the multinational organisation across the street.

Even though a cyber-criminal usually goes where the most money is, the impact of a successful attack on smaller entrepreneurs is often much bigger. Criminals don’t care about personal circumstances and use fully automated techniques to exploit any digital weakness.

Together with Dave Woutersen (Security Evangelist at NCSC), Pepijn Vissers (co-founder of Chapter8), and Xander Koppelmans (Strategic advisor at Gemeente DNA), we set out to discuss:

Are Dutch organisations sufficiently prepared
for a cyber-criminal’s methods and mentality?

MicrosoftTeams-image (1)

Watch the panel discussion  (Dutch only)

You can only spend your money once

Dave, Pepijn and Xander share their vision on cybersecurity in the Netherlands by reacting to statements, questions, and audience remarks. An initial poll of the statement “Cybersecurity in the Netherlands is doing well” resulted in a 1-2 against, opening the discussion.

When Dave is asked what one of the most important factors is when any organisation develops their security programme, he says that “you can only spend your money once, so make sure you know what there is to protect, and what the relevant risk is.” He continues saying he has often seen organisations set up their security, without having identified the ‘crown jewels’ or the full extent of their attack surface. “If your asset management is not in order, or don’t know who is responsible for certain systems, how can you make a sound investment?”


The impact of a hack

Out of the three speakers, Dave has seen most cyber-attacks take place firsthand in his career. Pepijn has executed the most attacks, and Xander has experienced the most impactful hack. 

Xander is a successful entrepreneur, leading a business of 50 people. One morning in 2015, he received a message: "We're being hacked". 

"We literally saw document folders and customer files disappearing from our servers," Xander says. Even though he had invested in firewalls, password protocols, a sysadmin monitoring the servers, and more, criminals used automated brute-forcing to hack the randomised, 10-character password in mere hours. The criminals didn't ask for ransom, they just destroyed everything. 

"We didn't know what to do. How can you stop that? So we pulled the plug. At first, I though it would cost us a few weeks and roughly 60,000 euro to get back on track." 

However, when they restarted the servers, the situation was much more grim. "We lost 85-90% of all our files," Xander said. "The estimated quarter million euros in damages hurt, but we could handle that. The worst part was what it did to everyone in the organisation, their lives at home, the trust from customers... It's many times as bad and lasts much longer." 

Training for a cage fight

Since 2017, Xander has transformed the negative experiences from the attack into a new start of his business, as his network and business opportunities were still strong. He now shares his story with other entrepreneurs, helping to prevent them from a similar fate. 

Pepijn responds by saying that "we learn plenty from our own mistakes, but not from the mistakes of others. You can't expect to beat a cage fighter when you've trained with a punching bag a few times. It doesn't prepare you for that mentality. You have to train as they fight." 

Dave adds from his experience that organisations dealing with a cyber-attack lose too much time with mapping their environment and detecting the affected systems before they can start proper incident response. "Before all else," he concludes, "understand what you have to protect."

Watch the panel discussion  (Dutch only)

What does effective attack surface management look like?

In recent blog posts we’ve discussed the need to understand how your attack surface affects your risk and highlighted three areas that regularly slip under the radar when trying to analyse the true extent of that attack surface. The answer to both these challenges is attack surface management, and in this blog we’re going to focus on what that looks like.

read more

3 Constantly Evolving Areas of Risk Your Organisation Could Be Overlooking

As we mentioned in our previous blog, your attack surface is a constantly evolving source of risks. This is compounded by the fact that most organisations can only see a portion of their attack surface – we believe they’re missing 30 to 50 percent.

read more

Understanding your organisation’s attack surface and why it poses a risk

Your attack surface is the sum of the exposed and internet-facing assets, and the associated risks a hacker can exploit to carry out a cyber-attack. Over the past decade or so, that attack surface has changed dramatically. Long gone are the days when the only things exposed to the outside world were your website and your mail server. Today, increased complexity means that many organisations often have huge attack surfaces – in fact, we believe that the attack surface has grown by around 1000% in the past 10 years.

read more

Do you have a question?

Our experts have the answers

Contact us