The Elephant in the Room: addressing insider threats. Lessons and good practices from Dutch organizations
When addressing security issues, external threats seem to be the sole point of focus. We often miss the fact that our own employees, colleagues or business partners – people whom we trust – could also pose a significant threat to organizations. This threat arises from their authorized access to information and systems, making it challenging […]
NIS2 Directive: the renewed cyber landscape of The Netherlands
Two weeks before the European NIS2 Directive comes into force, we zoom in on the implications for the cyber landscape. What will change for entities as of Oct. 17 and what does the directive mean for the CSIRT system? The NIS2 directive aims to get us closer together. But with all key players, how do […]
The tower of Babel: the many languages of risk management and how to navigate them
Digital risk management is a fragmented field of expertise. In Europe alone, many national cybersecurity centers have developed their own methodologies in order to empower organizations to increase their digital resiliency via the adoption of their framework. In parallel, many private sector organizations have taken similar actions. Although risk management has been foundational to cybersecurity […]
Back to Basics: Real Life Incident Stories Show Why
Many digital incidents are caused by not having basic security controls in order. That is a shame, because relatively simple steps can often make organisations a lot more cyber-resilient. At the same time, organizations are different, which means that there is no one-size-fits-all. This is why NCSC and DTC created the 5 basic principles of […]
How the Dutch raise the security baseline: transparency
A trustworthy government is accountable and approachable. Transparency plays a large part in that equation. For this reason the Dutch government provides insights into the baseline cybersecurity of all its online services. Anyone is able to determine if their government is operating securely or not: from high level down to the individual technical metric. This […]
Diving Into The Attack Surface of the Netherlands
The non-profit Shadowserver Foundation (https://shadowserver.org) has been active for over 15 years, delivering free daily cyber threat intelligence feeds to National CSIRTs (over 201 National CSIRTs covering 175 countries and territories) and many other organizations that have an Internet presence (over 8000 organizations worldwide, including Sectoral CSIRTs, ISP/CSPs, hosting providers, enterprises, banks, academia, hospitals, SMEs, […]
Gamechanger in cybersecurity: RED 3.3 and CRA
The upcoming cybersecurity requirements for digital products promise to be a gamechanger in cybersecurity. The essential requirements in the Radio Equipment Directive (RED 3.3) and the Cyber Resilience Act (CRA) will enable consumers and businesses alike to rely on the cybersecurity of digital products that are sold on the European market. We will explain in […]