Auteur: Aad van Boven | Published in Techzine | 13 may 2022
Cyber resilience is more important today than ever before. The threat of cyber-attacks is growing steadily, and the number of businesses that have to deal with a cyber-attack is also rising. Whereas 29% of respondents to an ABN Amro survey last year had to deal with a cyberattack, this year the figure is as high as 45%. This is partly due to the growth in the attack surface area and the professionalisation of hackers. Recent geopolitical tensions also play a role. The war between Russia and Ukraine, for example, is leading to an increased cyber risk, also for Dutch companies. In other words: it is high time to increase your cyber resilience.
Small and medium-sized businesses
Cyber resilience focuses on continuity and recovery, which goes beyond mere defence. It is not just about preventing an attack, but about acting efficiently when an attack occurs. Despite a potentially lower yield, small and medium-sized enterprises (SMEs) are at great risk here, as the chances of being caught are lower. The investment that cybercriminals make is therefore low, while these companies are often less well protected than large companies, as they generally have a smaller IT budget. In fact, almost 66% of smaller companies go bankrupt within six months of an attack. Good cyber resilience is a must for these companies in particular.
Larger attack surface
One of the main reasons for the growing cyber threat is the growing attack surface. This is not only due to vulnerabilities in their own organisation, but also those of (IT) partners. If IT companies are hit, the consequences are not only for them, but potentially for all the customers they serve. In addition, the hybrid way of working has also contributed to the growth of the attack surface. This is because the digital working environment has become larger. This is reflected in the expectations of Chief Information Security Officers (CISOs). Cybersecurity group Proofpoint surveyed 1,400 CISOs from 14 different countries, with two-thirds saying they expect a cyberattack within the next year. Despite this expectation and the growth of the cyber threat, they said they did not feel adequately prepared for a cyber attack.
Professionalisation of hackers
Another reason for the growing cyber threat is the professionalisation of hackers. More and more hackers are able to automate their hacking activities, which makes an attempt to infect many companies simultaneously less time-consuming and less expensive. In addition, they are able to make more and more accurate calculations for what it will cost a company with a certain turnover to be down for a day and therefore what they are willing to pay. In doing so, they make use of a company’s cyber policy, among other things. This is actively sought as soon as hackers have penetrated the system.
There are various types of motives for carrying out a hack, such as earning money, activism, industrial espionage or cyber warfare. De Telegraaf recently wrote that the Russian cyber war also poses a risk to the Netherlands. The National Cyber Security Centre (NCSC) does not exclude possible attacks in the Netherlands in the future, despite the fact that it has no concrete indications so far that digital attacks in relation to the war in Ukraine are currently having an impact on the Netherlands.
Yet the Dutch Military Intelligence and Security Service (MIVD) recently discovered that some of the routers used by Dutch SMEs had been hacked. The MIVD discovered that cyber spies from the Russian military intelligence service GRU had created a global botnet consisting of thousands of hacked routers belonging to private individuals and SMEs. A small number of routers have also been hacked in the Netherlands. It is therefore important to prevent the abuse of weaknesses in the IT network.
Network Intrusion Detection System
It is very important to focus on cyber resilience and, in addition to defence, to emphasise continuity and recovery. A (hybrid) Network Intrusion Detection System (NIDS) is an appropriate tool for this. A NIDS is a system that automatically detects unauthorised access to an information system or network. It is preferably developed and supported by a local specialist. The advantage of this is that it takes into account the laws and regulations that apply in other countries. In addition, geopolitical tensions have less influence. It is important that the NIDS is developed independently of IT suppliers. This gives a realistic assessment of the security of your IT landscape. The NIDS must also be understandable for non-IT personnel. This is because cybersecurity in the current zeitgeist of hybrid working and due to the increase of the cybersecurity threat and scarcity of cybersecurity experts, is not only an IT matter, but also a business continuity matter.