Cybercriminals look for the weakest link

The Centre for Cybersecurity Belgium (CCB) is the national authority for cybersecurity in the country. The CCB supervises, coordinates and monitors the application of the Belgian cybersecurity strategy, helping companies, the government, providers of essential services, and the public to protect themselves and their information. The CCB conducts campaigns aimed at both businesses and consumers.

Understanding the risks

The CCB’s campaign is part of a broader strategy. “We have to work on different fronts,” says De Bruycker. “To use an analogy, it’s not enough to equip a car with all kinds of safety equipment, you also have to teach the driver to drive sensibly.” That’s exactly what the CCB is aiming for. “Obviously, it’s important that companies strengthen the security of their IT infrastructure. But they also have to teach their employees to understand the potential risks they’re dealing with.”

In order to improve the security of our infrastructure, we have to focus on innovation, according to the CCB. “We need to develop more expertise, via colleges, universities, and other institutions. I also see an important role for certification so that we can assess which requirements a particular infrastructure meets or doesn’t meet.” But it is just as important to provide targeted support to IT users.

“We do this not only via awareness campaigns,” says De Bruycker, “but also through the best-practice standards we share with companies. In that context, the CCB is also an active member of the Cyber Security Coalition.”

The security of the IoT deserves more attention. We are still seeing a lot of connected devices that don’t receive automatic security updates.

Spear warning

The CCB also wants to focus more on direct action. “Take, for example, a spear warning. This is a very targeted warning for a person or a company, as opposed to spear phishing, which is a very targeted attack.” It turns out that people are much more likely to respond to a direct message than a general warning. The CCB is testing a new version of the Safeonweb app so that companies will receive highly targeted warnings about possible risks that apply specifically to their infrastructure.

The CCB’s strategy also focuses on the cybersecurity of critically important services and organizations, such as airports, nuclear power plants and headquarters of international institutions. “It’s equally important to be proactive in combating cybercrime,” says De Bruycker. “This battle is also taking place on various fronts, with the disruption of cybercriminal organizations and the prosecution of criminal offenses, but also through military intervention and diplomacy.”

In the event of a ransomware attack, we recommend that you never pay the ransom. There is no guarantee that you’ll get what you pay for.”

Greater focus on IoT

One of the main challenges remains the fact that cybersecurity is a moving target. “You have to deploy your resources at the right time and in the right place,” says De Bruycker. “There are relatively few incidents on common operating systems – such as Windows or iOS – that have been correctly updated. As a result, cybercriminals target other, more vulnerable links in the whole chain.” The Internet of Things is a clear target. “We are still seeing a lot of connected devices that don’t receive automatic security updates. It’s an area that deserves more attention.”

If real-life incidents occur, CERT.be (Computer Emergency Response Team) will take action. This is the operational service of the CCB that detects, observes, analyzes, and reports on online security problems. CERT.be primarily helps providers of essential services and critical infrastructure, but ‘ordinary’ companies can also contact the organization in certain circumstances.

Should you pay a ransom?

In recent months, there has been a lot of talk about ransomware attacks. “Most ransomware problems can be traced back to a phishing message or a vulnerability within the network,” says De Bruycker, “so it remains absolutely essential to focus on prevention.”

In a ransomware attack, only an offline backup – which cannot be reached via the network – can provide a solution. “We recommend that you never pay a ransom,” concludes De Bruycker. “Very often this might seem the fastest and cheapest solution, but there are never any guarantees. Very often the cybercriminals then ask for an additional payment, or they don’t release all the data after you pay up.”