Every week, several organisations fall victim to cybercrime in the Netherlands alone. "I recently spoke to an entrepreneur who was extorted, lost all his data, lost the trust of his customers and ended up going under, both professionally and privately."
Anyone who still thinks cyber criminals are one-man wonders acting from an attic room is living under a rock. The world of cyber criminals is professionally organised, often from countries with a regime that turns a blind eye to this business, works with targets, has a 24/7 helpdesk and is extremely creative as well as lucrative, billions and billions are involved.
'They bite into you'
"Criminals will do anything to get into your system," says Robbert Vriens, director of Simac Cyber Security. "They shoot with hail. Once they are in, they bite into you. Then, if they feel there is something to get, they don't let go easily. Sometimes they are in your system for weeks or even months, without you even noticing. Until suddenly everything is encrypted."
What follows often ends in financial or personal drama, with extortion and threats to make data public. Can you prevent that?
"The risks differ from one organisation to another. There is often more to be gained from large organisations, while smaller companies, on the other hand, are often still somewhat less well protected. The only thing I want to pass on, to every entrepreneur, small or large: don't take it lightly."
More and more paths to get in
One of the trends in cybercrime helped lead to the creation of its own branch within Simac that deals exclusively with Cyber Security: the increasing amount of IT systems, increasingly through various cloud applications and from different networks with all kinds of mobile devices. "Everything is going online. More and more. So that also means more and more log data. And therefore also means more paths for a criminal to get in. And quite simply: monitoring all those paths at the entrance is almost impossible to do ..."
Simac Cyber Security does not post itself at the entrance, like a 'bouncer', but monitors all systems like a guard walking around a company premises. "We do that via software and 24/7 a day. The slightest irregularity in the system triggers an alert. We then immediately start an investigation into the cause."
Indispensable
For small organisations, this form of monitoring is still too costly; for large organisations, meanwhile, it is indispensable. "You have hundreds of organised groups of criminals. Each of which has its own attack tactics and often even its own focus. For example, some are very strong in retail, others focus more on healthcare. The trick is to know your opponent. We are constantly working within our systems to recognise and retrace the smallest signals that could even possibly indicate an intrusion."
That is and remains a tough challenge. "Absolutely. Cybercrime is constantly evolving. You see, for example, that they are increasingly focusing on production environments. There are still relatively many opportunities for them there, because attention to security there is not always obvious yet. It is very simple: every organisation, small or large, has to deal with Cyber Security. You will have to arm yourself against it. If you don't do that or don't do it sufficiently, sooner or later you will have to deal with extortion or another form of cybercrime..."