The Attribution Minefield in Ransomware Investigations

Ransomware attacks pose a growing threat to both digital and physical infrastructures. When a ransomware incident occurs, victim organizations often face pressure to restore operations quickly—even if that means paying the ransom. However, payment introduces serious legal and financial risks: if the attacker is a sanctioned entity, making a payment could result in violation of […]

CRA: let’s talk about opportunities

The Cyber Resilience Act (or CRA) will be a gamechanger for the cybersecurity sector. From December 2027 on, all producers of hard- and software have to ensure that their products meet the CRA requirements before they can be placed on the European market. Making sure that products are CRA-proof can be a challenge for companies […]

Discussion: teaching ethics to (future) IT professionals

As society is digitalizing and we depend more on technology, securing IT systems and preventing the abuse thereof is increasingly becoming more important. To protect these systems, there is a need for cybersecurity professionals and ethical hackers that build in security and test the safety of systems. However, learning how systems can be protected oftentimes […]

DORA TLPT: Strengthening financial cyber resilience

The Digital Operational Resilience Act (DORA), which came into force on January 17, 2025, mandates financial institutions to conduct Threat Led Penetration Testing (TLPT) to enhance their cyber resilience within the European Union. TLPT simulates realistic cyber attacks based on the TIBER-EU framework, aiming to identify vulnerabilities and improve the institution’s detection and response capabilities. […]

AP vs 32000 data breaches: Supervision & Lessons learned

How would you deal with 32.000 data breaches per year? Two inspectors of the Dutch Data Protection Authority (AP) will provide a unique insight into the inner workings of the AP as an actor within the cyber security field. First we give insights into the AP as an organization and discuss how the AP handles […]