Current situation
Five years ago, cybersecurity was a topic for technical specialists; nowadays, it is a topic discussed at the board level. We often see in the news that information is stolen or held hostage, causing serious problems for organizations.
For example, at VDL, we have seen that a cybersecurity incident can significantly harm an organization’s reputation.
In practice, the following three cybersecurity incidents occurred most frequently last year:
- Insider threat: where a disgruntled employee steals, sells, or destroys data
- Ransomware: where all your data is made unreadable until you pay a ransom
- CEO fraud: where an executive is persuaded to pay a fraudulent invoice
Phishing is not on this list but deserves special attention. We speak of phishing when malicious actors send emails to one or more employees to entice them to click on an unsafe link or open an unsafe attachment. Phishing often aims to create a digital vulnerability in your organization’s cybersecurity. We do not see phishing as a separate threat, but as a method to carry out other attacks, such as ransomware or CEO fraud.
How do these cyberattacks work?
Not all employees always have the best interests of the organization in mind. Insider threat means that an employee intentionally or unintentionally causes harm to the organization. A malicious insider exploits their rights for financial gain or revenge. This includes theft or sabotage of information systems and corporate espionage.
Unintended harm by an insider typically occurs when employees are not well-qualified for their roles, leading to errors with potentially disastrous consequences. Employees who are careless about following policies also fall into this category.
Ransomware regularly makes headlines. An employee receives a phishing email, clicks on a link in the email, and suddenly, all files on one or more systems are encrypted and inaccessible to the user. Only if the organization pays, preferably in bitcoin, does the attacker unlock the files. If not, you lose access to the files, or the system is rendered permanently unusable, according to the attacker. The Dutch Data Protection Authority (AP) recently reported a startling increase in such incidents.
In CEO fraud, a financial department employee receives a phishing email supposedly from the CEO. This email contains an urgent request to pay an invoice from a supplier, along with the payment details. After payment, it is revealed that the email was fake, and the money disappears.
What can I do now to limit my cyber vulnerability?
Cyberattacks are so prevalent that it is essential to protect your organization as effectively as possible. To minimize risks, we have selected five measures that you should take at a minimum to enhance your cyber resilience.
- Regularly apply patches and keep all software up to date to prevent exploitation of known vulnerabilities by attackers
- Foster appropriate security awareness among employees to avoid clicking on suspicious links. The “clean desk, clear screen” principle is also vital. Do not leave papers with sensitive information lying around, and lock your workstation when leaving it
- Use backups. The 3-2-1 principle is a good starting point: three backups on two different media, one of which is stored offsite
- Implement two-factor authentication, such as combining a password with a mobile token
- Monitoring and control are essential to understand activities on your network. Suspicious traffic can be stopped before a real incident occurs
It is crucial for board members to ask how their organization has improved its cyber resilience and the status of these five measures. Additionally, ensure you know how to respond when a cyber incident occurs unexpectedly. An exercised cyber emergency scenario is essential for this.
How can Highberg help increase your cyber resilience?
We can support you in various ways. We regularly organize cyber crisis exercises for our clients, simulating a cyber crisis and assisting the client’s crisis team in resolving it. The simulation starts with an intake conversation with our client to gain insights into the most important ICT systems and threat scenarios. Subsequently, we develop a customized exercise and carry out the simulation. Right after the simulation, we conduct a “hot” evaluation with the crisis team, which we further elaborate on in a brief report. Two weeks after the simulation, we perform a more comprehensive “cold” evaluation and discuss the key areas where the client can improve its cyber resilience.
Additionally, we can perform a cybersecurity baseline measurement for you. After the kickoff, we analyze the current state of your cybersecurity through interviews, document analyses, and workshops to answer questions such as: Do you know your cyber risk profile? How have you organized cybersecurity governance? Can you detect cyber incidents? How effectively can your organization respond to cyber incidents? Our baseline measurement results in a concrete roadmap that you can use to optimize your cybersecurity, and which we discuss with your management team.
