The National Coordinator for Security and Counterterrorism (NCTV) of the Netherlands published it’s Cyber Security Assessment Netherlands 2018 (CSAN 2018) report. In it, the CSAN re-emphasizes and underscores the need for Dutch organizations to invest in digital security. Cyber Security vendors should stand shoulder to shoulder with the NCTV in raising awareness about the risk Dutch organizations and society are exposed to, as well as about the solutions available to mitigate these.
According to the CSAN, “the scope and severity of digital threats facing the Netherlands are still considerable and continue to evolve”. The NCTV finds that Dutch security remain under constant threat of digital attacks. “The Dutch economy and broader Dutch society have become entirely dependent on digital resources. Attacks and outages can have major consequences, potentially disrupting society itself”, says the CSAN.
For Cyber Security vendors, the CSAN offers insights into the opportunities that lie in the Dutch marketplace. “The digital threat is permanent, as cyber attacks are profitable, simple to execute and involve little risk for attackers”, the CSAN states. “In light of recent geopolitical developments, state actors are expected to continue using such digital attacks and may even opt to do so on a greater scale.”
Professional criminals continue to be a major threat to Dutch society, according to CSAN. “Cyber attacks with a major societal impact can be perpetrated with relatively few resources. Perpetrators can carry out attacks without any need for large-scale capabilities; they can simply purchase them externally. This became clear in January, when the DDoS attacks plaguing several banks turned out to have been carried out with a simple bought-in attack.”
Lack of basic measures
Cyber Security vendors can profit from the fact that, according to the CSAN, many organizations in the Netherlands fail to implement the basic measures needed to repel cyber attacks. “This concerns basic measures such as the timely installation of updates or prevention of flaws in configurations. For example WannaCry and BadRabbit exploited known vulnerabilities and could have been prevented if the necessary security updates had been installed. Insecure products and services make life easier for attackers. As the recent period has shown, organizations could have prevented incidents and mitigated damage by ensuring that their basic security was properly in place.”
Cyber Security vendors: take heed!