“Cybersecurity remains a major challenge, which you can only tackle together”
The sixth edition of NLSecure[ID], the security event in the Netherlands organized by KPN Security, took place today. The event can be rewatched here. From a specially equipped studio, viewers could watch a live show that transported them into the world of security. With on-site visits to several Dutch organizations, such as ASML, ProRail, Rabobank and the Netherlands Cancer Institute, and an extensive on-demand program consisting of more than 15 security-related talks. The goal of NLSecure[ID]: to make the Netherlands safer together. This was a great opportunity to talk with Lisette Oosterbroek, director of KPN Security and Erno Doorenspleet, responsible for security strategy at KPN Security, about the importance of knowledge sharing, the human brain, and security trends for 2023.
Several security experts and top speakers share their knowledge with the security community of the Netherlands during NLSecure[ID]. Why is this exchange of knowledge so crucial in terms of enhancing digital resilience in the Netherlands?
Lisette: "Only together can you tackle big challenges. Cybersecurity is a big challenge. We take on that challenge together, we shoulder it together, by sharing knowledge, by building communities, by making best practices available to each other and by sharing dilemmas. NLSecure[ID] certainly contributes to this. It makes me proud that so many experts are again willing to share their knowledge. Thanks to them, we work together every day to make the Netherlands more digitally secure and move forward together."
The keynote speaker at NLSecure[ID] was professor of clinical neuropsychology Margriet Sitskoorn. She talked about how the brain works and our susceptibility to cybercrime, adding, "We do things we shouldn't do, even though we know better." Is our brain actually capable of recognizing a phishing email and resisting the temptation of clicking on it?
Erno: "Looking at cybersecurity from a distance, we are really only at the start of things. In some ways, technology is far in advance of what humans can understand. So it’s logical that people sometimes make mistakes. The ultimate goal is security as a state of mind. Security that reaches the core of your organization. People-oriented, understandable and practical. You achieve this by always putting security first in everything you do in your organization. During this edition of NLSecure[ID], we spotlight four companies from different sectors. They have embraced security thinking and are sharing their knowledge with the rest of the Netherlands. Because only together can we make the Netherlands safer."
The ultimate goal is security as a state of mind. Security that reaches the core of your organization. People-oriented, understandable and practical. You achieve this by always putting security first in everything you do in your organization.
This edition focuses on four major organizations from different sectors. From the studio we switch live to the Netherlands Cancer Institute, ASML, ProRail and Rabobank. What can we as a security community learn from these organizations?
Lisette: "The Netherlands Cancer Institute is working to create an organization 'that is safer than it needs to be'. They do this because they want to do it together and they want to do it properly: it can cost lives if things go wrong. CISO Joost Boele of the Netherlands Cancer Institute talked about issues including the importance of trust for a good security program. And then Rabobank. CISO Mimoent Haddouti, named global CISO of the year in 2022, showed viewers how one of the Netherlands' largest banks operates in a dynamic environment where cyber threats are ever-increasing. The bank's mission is to instill security in the DNA of all its employees. After all, security is as strong as the weakest link in an ecosystem. Wonderful, inspiring but also practical stories that we can learn from together as a community."
Looking at the security community, what do you think it benefits from?
Lisette: "It's time for the next step. More is needed, more is possible, so let's challenge ourselves. There are many good initiatives where knowledge is shared and action is taken, both from government and industry. How can we make this collaboration even better so that we become more effective and make more impact? Let's create a movement and join forces more closely. In my view, this goes beyond just being a community. It starts with leadership and membership, taking responsibility, setting the tone and taking action purposefully and decisively. We need to be bold, daring and creative. Let’s all get the Netherlands moving forward! From administrators to CISOs, from government to start-ups, from civil servants to hackers. If we bring everyone together and also get them to take targeted actions, we can meet the world's greatest challenges!"
Let’s all get the Netherlands moving forward! From administrators to CISOs, from government to start-ups, from civil servants to hackers. If we bring everyone together and also get them to take targeted actions, we can meet the world's greatest challenges!
Everyone has a role when it comes to security. What tips do you have for the security community?
Erno: "There are three things I want to impart. As a security community, we develop ourselves and share knowledge with each other. That's incredibly valuable. But so do cybercriminals. Look at malware, for example. We protect ourselves all the time and we continue to develop and optimize our protection capabilities as well. Those same protection options are used by cybercriminals to find somewhere they can gain access. It’s a cat and mouse game where the key is to always stay one step ahead of cybercriminals. Secondly, it’s important that we remain on the lookout for phishing, ensuring in particular that organizations continue to train their employees and keep them aware and alert. To that end, it is also essential that all technology works optimally so that the onus is not entirely on humans. So make sure you have a good backstop. And last but not least, multi-layer security: one solution won't get you there, make sure you address your security at different levels. So that hackers who want to get to your data have to breach multiple layers of security (physical, administrative and technical, for example), making it much more difficult to gain access."
Finally, what will be important in security in 2023?
Erno: "To govern is to look ahead. This applies to security professionals as well. To protect your organization from cyberattacks today and tomorrow, you must respond continually to changes in the threat landscape. What methods of attack are on the rise? And what are the reasons for this? It’s crucial for security professionals to look into the future from time to time. These predictions paint a picture of tomorrow's digital risks. You can factor them into your security strategy right now. Responding then becomes anticipating."