"Know your enemy, know yourself and you will win every battle". With this quote from the 'Art of War' by Sun Tzu, the fifth-century BC Chinese warlord, the Cybercrime event was opened. In other words, a good understanding of cybercrime and your own cyber situation is essential in developing a robust cyber strategy. This is precisely why CIONET brought together a unique team of professionals and experts to share their experiences and insights with around 100 CIOs and CISOs in the Salons van Edel in Wilrijk.
Stéphane Duguin, former top executive at Europol and today CEO of the CyberPeace Institute, bit the bullet. "Cybercrime has become the biggest threat in the world," according to Stéphane. Cybercrime has evolved dramatically over the past 10 years from isolated initiatives to a global industry, a supply chain of providers of "cybercrime-as-a-service": malware-as-a-service, ransomware-as-a-service, phishing ... as-a-service: you name it. On the darknet, anyone can buy or sell any technology, services or data needed to mount a cyber-attack. At discount prices, moreover: spam campaigns for just USD 15 an hour, crypto ransomware for USD 39... Today, cybercrime organisations are organised like real companies, with a board of directors, an HR department, their own call centre... Nevertheless, the perpetrators remain difficult to identify, as each of them accounts for only one part of the cybercrime chain. A first actor discovers weaknesses in an organisation's network, a second party plants bits of malware, and a third party pays for that information to possibly launch an attack and get hold of data that is then put up for sale... In short, a complex chain of suppliers of criminal services and components ensures that the smallest vulnerability in an organisation can remain untouched for years but suddenly become the back road through which cybercriminals penetrate the organisation.
A rather alarming development, as Stéphane pointed out, is that criminals sometimes decide not to attack the organisation whose data has been stolen, especially when they realise there is no significant financial gain to be had, but instead turn to its customers, citizens or even patients. Stéphane illustrated this with the story of Vastaamo, a psychiatric institution in Finland that was hacked, where the cybercriminals blackmailed individual patients, threatening to expose their records. Furthermore, rapidly advancing technologies like AI and deepfakes are becoming commonplace, leading to increasingly sophisticated ways of scamming people.
A global threat requires global action. Legislative and regulatory bodies have been particularly prolific for some years now: the EU and the UN in the lead, alongside global platforms where international actors join in trying to regularise the digital world and agree on the rules of the game. This is undoubtedly a good thing that gives organisations a foothold to build or strengthen their cybersecurity strategy. Stéphane does warn, however, against a sham situation where organisations invest mainly in being compliant with the regulations in question, rather than focusing on the security measures that are effective and optimal for their organisation.
Geert Baudewijns, CEO of Secutec, which specialises in dark web investigations, then took us on the obscure paths of the darknet. He showed us webpages where you can buy a driving licence for USD 200, sites where up to 40,000 stolen credit cards are offered every day, and others where, like on Amazon, providers of cybercrime services are reviewed.
He showed us the marketplace that showcases stolen data from companies worldwide. Apparently, a common technique is to install password stealers on the networks of companies and organisations. The latter are usually unaware that their IDs and passwords are constantly being read and offered for sale on the darknet for next to nothing. Other parties investigate the financial strength of the companies in question and then strike where their "return on investment" is likely to be greatest. The moral of the story: start, in any case, with basics like MFA to close off that all-too-obvious route.
During the second part of the event, we zoomed in on the Cybersecurity maturity of our Belgian companies and organisations. According to Hans Hujoel, Sr cybersecurity consultant at INNOCOM, a survey conducted by INNOCOM in collaboration with CIONET clearly revealed an
A somewhat ironic observation was that the perception of the security team among other colleagues within the company becomes markedly more positive once there has been a serious security incident that was successfully dealt with. When asked what security teams are prioritising, we see at the front (still) the implementation of Identity and Access Management systems, followed by OT security, awareness training, and finally, cyber resilience programmes. The latter should enable the survival of the organisation in the event of a serious cyber incident. The full report with eight recommendations for a successful cyber strategy can of course be found on CIONET's website.
Miguel gave us another scoop for dessert: from October 16, 2023, Safeonweb will offer a browser extension to verify the identity of a website's publisher (domain owner). Truly, a great initiative that could help to restore some confidence in the Internet among citizens/users.
Above all, they had to remain cool, not let themselves be thrown off balance, and then put a plan on the table to get out of the impasse: a task force was set up, external specialists were contacted, contacts were made with the authorities and the police... According to Thierry, during such an incident you go through a cycle of emotions, from denial, through panic, frustration and depression, until you reach a point of acceptance. Only then do you become efficient again and your motivation to take the bull by the horns returns.
Thanks for joining us and see you next time!