Source: Financieele Dagblad

A workplace must be clean, tidy and orderly. Tools must be in the right place, organised and without clutter or loose parts. Otherwise, accidents will happen. This principle also applies to the digital environment in which a company operates. The basics must be in order, otherwise every business management system is vulnerable to attack.

Basic hygiene must be in order to optimise the use of an IT environment and ensure its security, and to minimise the impact of a cybersecurity attack. Business operations are becoming increasingly digital and contain more and richer data. Yet when it comes to IT management in organisations and solving issues, a quick fix is too often chosen without looking at the underlying causes and the consequences associated with it. This regularly creates security risks because a quick fix can easily undermine a well-thought-out security strategy and implementation. That is the opinion of two experts from Ctac, who each contribute to the digital security of companies and institutions in their own field. Ctac is responsible for the security of a large number of Microsoft and SAP customers. They manage the security of the environments for these organisations, making them a major player in the field of cyber security and cloud management.

A healthy basis

‘IT hygiene must be in order. Well documented, patched and with continuous updates. That is the basis. And if all of that is in order and you are going to automate and code, then you can easily fix it with coding if there is a problem’, says Erwin van Beinum, director of Cyber Security at Ctac.

‘Security should actually be positioned horizontally throughout the organisation. It is important to be proactive, and therefore not just check on digital security every six months. It is a process of constant monitoring. We do, however, keep an eye on a company’s business management. We monitor, but actually try to work invisibly for a company.’ The speaker is Vincent Mejan, business development manager Digital Experience at Ctac. Both Van Beinum and Mejan agree: digital resilience is important. Ctac ensures that damage is repaired quickly, that improvements are implemented with clear communication and that the IT system is made stronger after an attack.

Security Awareness

Ctac carefully considers which security measures are appropriate for the company, without compromising ease of use. Security Awareness’ should also make employees aware of digital dangers, and Ctac helps with that. This is necessary because Ctac works with sensitive company data, and security is obviously priority number one. Developments are happening fast and a company’s attack surfaces – places where potential digital attacks can take place – are numerous.

Artificial intelligence, or AI, is evolving at lightning speed and all kinds of attack variants will therefore be able to emerge from it. ‘Previously, we had what you might call technical attacks, but this is evolving into functional attacks. This involves a type of attack in which thousands of files, invoices or orders can be changed or rewritten in a company without the company even being aware of it. This makes the company susceptible to blackmail and it can be held to ransom digitally. You would need to employ a very observant tech-savvy IT manager to detect this. We are now also looking at how we can arm companies with AI against these types of attacks,’ says Van Beinum.

‘It is important to be proactive, and not just check on digital security every six months.’ Erwin van Beinum - Director of Cyber Security

Functional-level security is therefore essential in such a scenario, the two Ctac experts are convinced. Another important aspect that is increasingly coming to the fore when it comes to cybersecurity is compliance. European regulations and guidelines are becoming increasingly strict and complex, especially with the NIS2 regulation that is about to be introduced in Europe. ‘It is important for every customer, especially because we are talking about a chain here. As a company, you are never an entity in itself; everyone is connected to everything. Customers, suppliers, consumers, etc.

Do you want to make your IT environment secure and future-proof?