Unrest in Society
But there are also other dangers lurking. ‘For hostile state actors, it may be interesting to influence our data from the outside. In this way, they could exert influence on legal policies or cause unrest within our society.’ To prevent such scenarios, Wurtz and his colleagues continuously monitor the CBS network. Are there suspicious login attempts? Are there current threats? If so, where did they originate? These are the questions that the Service Security Center, the team Wurtz works in, deals with daily.
European NIS2 Directive
‘We continuously monitor what is happening on our network,’ Wurtz explains. ‘We immediately follow up on reports and often conduct preventive investigations. Additionally, the team contributes to strengthening and renewing the digital infrastructure by providing IT security-related advice to colleagues.’ Changing and new legislation also contributes to the need to continue investing in cybersecurity. This year, the European NIS2 directive, regulations established by the European Union to improve the safety and resilience of its member states, will be rolled out in the Netherlands in the form of the Cybersecurity Act (Cbw). To comply with all aspects of this law, the Service Security Center at CBS has significantly expanded in recent years.
Zero Trust
The setup of the digital infrastructure, in which the Service Security Center is involved, is based on the Zero Trust principle. Wurtz: ‘In the past, it was assumed that it was sufficient to build a large digital wall around your network and data. As long as no one from outside the organization broke through that wall, everything was fine.’ But this idea is now outdated. Sufficient internal walls are also necessary. ‘Employees can now only access the data and services needed for their own work. In this way, we build in extra security.’
Red Teaming Test
One of the investigations that the Service Security Center has conducted to protect CBS from external attacks is the so-called red teaming test. A red teaming test is an advanced form of cybersecurity research in which a cyber attack is realistically simulated on all parts of an organization: the digital infrastructure (hacking systems or applications), the employees (attacks via phishing or social engineering), and business processes (manipulating or responding to business processes with the aim of obtaining microdata, for example). It encompasses the full scope.
Digital Resilience
Wurtz has extensive experience with such tests. At his previous employer, a large consultancy firm in the field of cybersecurity, he conducted red team tests for many other organizations. ‘The goal is to determine how effective the existing security measures are and to give the organization insight into possible vulnerabilities. The results of such a test form the basis for targeted improvement measures that contribute to strengthening the organization’s digital resilience.’
Awareness Campaigns
Wurtz warns against placing too much emphasis on the technological aspects of information security. ‘Most problems still arise from human errors.’ Making calls on the train, reusing passwords, or logging into public Wi-Fi networks. ‘Small things that people don’t think about, but which can pose a significant risk to security. That is why we continuously organize awareness campaigns to ensure that CBS employees think about their digital behavior.’ According to Wurtz, awareness is essential to ensure safety in this ever-changing world. ‘Security is everyone’s responsibility.’
Relevant Links
- Article - Information Security and Privacy Continues to be a Priority for CBS
- Article - ‘Information Security is a Hot Topic at CBS’
- Privacy Rules CBS - Privacy