Belgium is performing well in terms of cybersecurity, both in expertise and maturity. Should the country then primarily look within our own borders to fine-tune our cyber defenses?
For a long time, it was a cliché to say that the Belgian business world was not the most progressive technologically. In the SME landscape, the Belgian business owner was somewhat conservative. Let the Dutch try out the new technology first; the Belgians will embrace it once the teething problems are gone.
That trend is changing. Belgium is catching up in its embrace of (hybrid) cloud, is doing quite well in terms of AI adoption, and above all, is showing itself to be well aware of the risks in the cyber world.
High maturity
Miguel De Bruycker, head of the Centre for Cybersecurity Belgium (CCB), notes that the average Belgian’s awareness of cybersecurity is above average. Their own campaigns are hitting the mark: “82 percent of the Belgian population knows Safeonweb, and 68 percent has seen the recent campaigns,” De Bruycker stated during a recent presentation at CyberNova in Antwerp. “That is good news, because awareness in society is essential.”
Jo Vander Schueren, co-founder and CEO of the Belgian security specialist Jarviss, observes the same from his position. “When I compare Belgium with the Netherlands, I am proud to say that the Belgian companies we come into contact with are, in my opinion, further ahead,” he says during a conversation following Jarviss’s participation in the Love Tomorrow conference this year.
When I compare Belgium with the Netherlands, I am proud to say that the Belgian companies we come into contact with are, in my opinion, further ahead
Jo Vander Schueren, CEO Jarviss
The impact of the CCB
“We owe this high level of awareness largely to the role of the CCB,” Vander Schueren believes. The organization is among the top in Europe and has taken a leading role in the adoption of the NIS2 framework. The Cyber Fundamentals framework, drawn up by the CCB, is a guide that organizations even outside Belgium find very useful in their journey toward NIS2 compliance.
With the CCB, Belgium has access to a government agency that helps boost national maturity. In this context, it is no surprise that Belgian cybersecurity players are also doing well.
Higher maturity, more interest in cybersecurity
Jarviss, for example, positions itself quite uniquely. The company is not tied to a single major vendor but opts for an agnostic approach based on independent expertise. “The focus was initially on organizations with about 500 PC users,” Vander Schueren clarifies. Jarviss wanted to target large SMEs, which sit just below true enterprise organizations in terms of size, budget, and organization.
Thanks to the high maturity in Belgium, Jarviss was able to broaden its focus quite quickly. Vander Schueren: “We adjusted our own guideline downwards to organizations with about 200 endpoints. This is because more and more awareness has trickled down to companies, partly thanks to the government.”
Real-world stories
However, it is not just the CCB and the government that have boosted maturity. “It’s also due to real-world stories,” Vander Schueren thinks. “The successful hack of TVH a few years ago, for example, made suppliers realize that they too could suddenly be out of work. Smaller organizations realized through that visible impact that they need to look at cybersecurity differently themselves.”
Such cases have since become the expertise of Geert Baudewijns, CEO of the fellow Belgian firm Secutec. Since 2016, he has built up extensive expertise as a negotiator with ransomware gangs. “I have now conducted more than 600 negotiations,” says Baudewijns on the sidelines of CyberNova. “I am assigned about three to six cases per week by several large cyber insurers.”
Baudewijns notes that attackers are increasingly targeting fewer very large companies and focusing primarily on businesses with 500 employees or fewer: the sweet spot Jarviss aims to cater to. Baudewijns: “Such organizations usually have flat networks, where it is easier to steal and encrypt data.” The fact that maturity is rising is therefore no unnecessary luxury.
Tailored to the SME
Secutec and Baudewijns are the catalysts behind the expansion of SuperNova with a CyberNova day focused on cybersecurity. That first edition immediately drew about 1,400 registrations and proved to be a success. The event reinforced the argument that cybersecurity is truly alive in Belgium.
The fact that Belgium is a country of SMEs, with corresponding budgets, does not seem to be an insurmountable problem. Challenges breed innovation: Jarviss has specialized in automation to bring comprehensive security to the mid-market in an affordable way.
More than Belgium alone
Despite the awareness in the business world, the expertise of companies like Jarviss and Secutec, and the commendable role of the CCB, we should not conclude that Belgium can manage entirely on its own when it comes to security.
Jarviss, for example, is an independent player but does collaborate with specialists such as SentinelOne, Juniper, and Palo Alto. Baudewijns plays his role as a negotiator in an international context, receiving cases from large international insurers. We heard the best plea for cooperation in cybersecurity at CyberNova from Colonel Gunther Godefridis of the Belgian Cyber Force.
Cooperation as a military priority
The Cyber Force grew out of Cyber Command and is the digital branch of the Belgian Defense. Think of the entity as the military counterpart to the civilian CCB. He is clear: “Cyber resilience is achieved by working together, sharing information, and responding together.”
“Sovereignty is not the same as isolation,” says Godefridis. He states that sharing information is necessary to respond efficiently to threats. “Though we must not be naive when foreign companies seek access to our intellectual property,” he adds. Working together is necessary, but that does not mean Belgian companies should naively leave their expertise up for grabs.
Strong national maturity is important, Godefridis notes. According to him, knowledge is one of the three pillars on which Belgium’s cyber resilience rests. The other two are preparation and collaborations.
Unity
For the Cyber Force and the CCB, working together means sharing information with entities from other friendly countries. This involves European colleagues, but also NATO. Companies, in turn, must work with each other and with the government, including by sharing information about threats.
Knowledge and expertise within Belgium are important prerequisites for a secure digital environment. We should not conclude from this that what Belgium does on it’s own, is necessarily better. “Stronger together” is a better slogan, or, looking at it from a Belgian perspective: unity makes strength.