The cyber threat to business is large and diverse, in part because more and more attacks are coming from hackers affiliated with governments and criminal actors. This is evident from survey from Cloudflare, the global provider of connectivity clouds and the Cybersecurity Assessment Netherlands 2024. Als gevolg daarvan lopen zowel volledige supply chains als veel cloudgegevens gevaar. Ondanks de toenemende aanvallen en gemiddelde verliezen van zo’n 940.000 euro bij een succesvolle aanval, zijn bedrijven nog onvoldoende voorbereid. Gelukkig is de cyberweerbaarheid in vijf stappen te vergroten.
Digital risks are high, while few companies are properly preparing for them. That picture emerges from the results of the Cloudflare survey mentioned above. While the number of cyber attacks on Dutch organizations is increasing, the implementation of zero-trust security architectures still lags behind expectations. The same goes for the establishment of a holistic culture and approach to improving security. The financial impact of successful attacks is huge, averaging €940,000. The study shows that supply chains and cloud data are the most popular targets of hackers and at the same time the most vulnerable.
The Cloudflare study, “Protecting the future: The Cyber Threat Landscape in Europe,” found that 42% of CISOs surveyed in the Netherlands experienced at least one cyber attack in the past year. The most common types were phishing, attacks on websites (DDoS) and via email. Yet only 28% of CISOs say their organization is well prepared for future cyber attacks. While sectors under heavy attack, such as media and telecommunications companies or retail, are more cautious, organizations that have been relatively spared so far, such as in the healthcare and energy sectors, are significantly less prepared.
Taking risks seriously
Delayed growth plans and layoffs, combined with financial losses, are disastrous consequences of a lack of preparation for risk that organizations of all sizes must take seriously. When it comes to budget allocation, management already seems to have understood what is at stake. Indeed, more than half of those surveyed expect the budget earmarked for cybersecurity to increase in the coming year. However, the solutions deployed by most still resemble a mix of measures that keep the complexity of IT environments high. Furthermore, many managers still seem unaware of what a zero-trust architecture entails, 87% of respondents believe. Zero-trust can help companies create a better user experience and more cloud-native options.
Supply chain vulnerabilities
Supply chain attacks target vulnerabilities in a company’s supply chain by using third-party tools or services. These indirect attacks target dependencies that companies often unknowingly rely on. One example is the SolarWinds hack of 2020, in which cybercriminals added malware to a software update, which was downloaded by thousands of customers. Such attacks often take place in two stages: first, the hackers gain access to a third-party provider’s system, which they then exploit to attack the intended target.
To protect themselves effectively, organizations can offer risk assessments for partners, as well as pursue a zero-trust approach, malware prevention and browser isolation, or install tools to detect and regularly patch shadow IT. Despite all these measures, however, it remains difficult for organizations to fully protect themselves from supply chain attacks. The large number of third-party dependencies in modern IT environments makes complete protection nearly impossible. Therefore, a holistic approach to security is required that includes both preventive measures and the ability to respond quickly in the event of an emergency.
Five steps to greater cyber resilience
Given the shortage of skilled workers, tight IT security budgets and the dynamic landscape of cyber threats, organizations need a comprehensive security concept that takes into account the key points and steps below:
Step 1: Reduce security architecture complexity
Organizations need to move away from complex, fragmented systems. Instead, it is advisable to adopt a holistic “Everywhere Security” approach. This provides employees with secure access to Web and multi-cloud platforms while ensuring effective protection against sophisticated cyber attacks. This also secures sensitive data and streamlines operational processes. The result is a comprehensive yet simple enterprise-wide security solution.
Organizations need to move away from complex, fragmented systems.
Christian Reilly, Field CTO EMEA Cloudflare
Step 2: Take precautions
Lack of preparation inevitably leads to failure, especially in cybersecurity. Alarmingly, less than a third of companies in Europe consider themselves adequately protected. There is therefore an urgent need for more investment in integrated solutions that allow companies to respond effectively to the constantly changing threat landscape. The Zero Trust model offers a promising approach to this end. However, only about ten percent of decision makers fully understand the currently available solutions. As a result, optimizing cybersecurity is a lengthy and costly process that requires both time and resources.
Step 3: Build a robust security architecture
A robust security culture provides a good foundation for knowledge and risk awareness, which acts as an initial protective barrier to detect and stop attacks faster. It also gives CISOs arguments for preventive investments even before successful attacks have drastic consequences. When cybersecurity awareness is embedded throughout the organization, management is also more likely to recognize its critical importance. As a result, a holistic approach that promotes consistent application of cybersecurity policies by employees, vendors and customers is more likely to be adopted. This creates a comprehensive safety net that protects the organization from potential financial loss and increases resilience to cyber threats.
Step 4: Efficient cybersecurity thanks to SASE
By improving the security architecture, the preparation phase can be significantly shortened. SASE (Secure Access Service Edge) plays a key role here: this concept simplifies cyber security and also increases its effectiveness. SASE also offers companies a solution to overcome the challenges of the acute skills shortage in the IT security market. By consolidating security functions into a single platform, SASE enables more efficient use of available resources and reduces the need for specialized personnel without compromising security.
Step 5: Modernize regulatory compliance
The use of fragmented, outdated security systems and manual processes makes complying with changing legislation increasingly complex. An efficient approach to compliance is therefore essential for CISOs and CIOs. This should include flexible security controls for different areas. Such as access management to mission-critical and SaaS applications, monitoring HTTP traffic to protect sensitive data, securing the client side and browser against supply chain attacks. But also integrating Of firewall, HTTP and event logging with preferred settings in SIEM or cloud solutions. A modular approach enables organizations to meet current and future regulatory requirements, reduce costs, improve application performance and optimize user experience. This holistic strategy simplifies the compliance landscape and makes organizations more flexible to anticipate regulatory changes.
Conclusion
The cybersecurity picture for the Netherlands is alarming because many organizations are insufficiently prepared, despite an increasing number of attacks. Reducing the risks and impact requires an approach to cybersecurity that includes both preventive measures and rapid response options. Companies would be wise to reduce the complexity of their security architecture and implement concepts such as Zero Trust and SASE. Finally, increased awareness of cybersecurity throughout the organization is critical to increasing resilience to future threats.
This is a submitted contribution from Christian Reilly, Field CTO EMEA at Cloudflare. Click here to learn more about the company’s solutions.