Companies are concerned about the large number of data breaches in recent weeks. KLM, NS, Vodafone Ziggo and Heineken, among others, were affected. Yesterday, energy company Vattenfall reported a data breach in which an employee of an external party could use data from 30,000 Dutch customers. The question is whether companies have too many blind spots in the field of cyber security, and whether they can really do something about the problem.
According to Dave Maasland, director of internet security company Eset Nederland, companies mainly struggle with the digital transformation itself. ‘How do we deal with external employees or people who work outside the door? How do we deal with new technologies?’ In that respect, this is primarily a business issue, says Maasland. ‘For both large and small companies.’
According to Maasland, we have to move towards a world where employees can and are allowed to make mistakes in the field of cyber security. “Someone needs to feel like they can just click on a link and open something. But organizations increasingly hope and expect that no one makes a mistake. That way of thinking must also change.’
It is going too far to say that companies are lagging behind, says Erno Doorenspleet, head of security at KPN. “We see a lot of things happening and coming. We just don’t always have an immediate solution.’ Recent arrests show this, thinks Doorenspleet.
Under the code name Operation Cookie Monster, the police in seventeen countries have conducted hundreds of raids, 119 people have been arrested, of which 17 in the Netherlands. ‘We contributed to that,’ says Doorenspleet. ‘Two years of research preceded this. In 2020 we already had these criminals in sight and we also managed to prevent actions by these people.’
The fact that more and more companies are connected to each other makes the situation even more difficult, says Doorenspleet. ‘We are all part of a chain. And if a company in that chain is hacked, it can immediately have consequences for another company.’ Larger companies should therefore help small companies more. Small business owners are having a really hard time. If we don’t do it together, we’re not going to win.’
Maasland: ‘In this area, cybercrime can be compared to environmental issues. We’ve known for a long time that it’s a problem, but it takes time to get everyone on board.’ As far as Maasland is concerned, the responsibility lies with the entrepreneur to get safety in order, and not with the employee. ‘I would like more awareness, but I’m afraid that will take a long time.’
‘Companies must ensure that everyone can do their job and that they do not have to worry about whether a link is safe,’ says Maasland. ‘We have been able to detect those viruses for a long time, but criminals gamble when companies make mistakes or when employees do something wrong.’ The technology has to work, he says. ‘Managers themselves should also make it a more important theme.’
Doorenspleet: ‘cyber security must be in the DNA of employees and entrepreneurs. But you shouldn’t worry about clicking on something, there are systems that can prevent that.’