One of the most discussed cyber incidents in Belgium this past year was the DDoS attack on Belnet, the IT partner of Belgian colleges, universities, research centres, hospitals, and government institutions. On May 4th, attackers flooded the Belnet network with an immense volume of traffic, saturating it. The consequences of this attack were significant for almost all Belnet customers and end users.
Thanks to its clearly defined crisis management plan, Belnet successfully stabilised the situation within a few hours. Then, the organisation turned its full attention to the so-called ‘post-mortem analysis’. “During this inquiry, we assessed all of our actions very critically, and asked our customers where things could be improved”, says Dirk Haex, Co-General Director of Belnet.
Learn and improve
This assessment also served as the foundation for the improvement programme that Belnet subsequently designed. Haex explains, “The programme contains three sections: a technological component that focuses on stronger embedding in the digital landscape, a component that focuses on communication via various platforms, and a process component that revolves around faster detection and response to incidents."
Ziekenhuis Oost-Limburg (ZOL) was also hit by a cyber attack in 2021. "Through a theft at one of our suppliers, an attacker managed to get hold of the credentials of a number of our users", explains Kurt Gielen, IT manager at ZOL. "We were able to block the incident very quickly, but one of our privileged accounts was compromised for several minutes."
Just as for Belnet, this incident turned out to be a very instructive event for ZOL. Gielen says, "Based on the incident evaluation, we implemented many improvements in our defence system. For example, we are focussing much more on auditing; every action on our server is now recorded."
A long-term, positive impact
Looking back, Belnet emphasises that the attack demonstrated the strength of the existing crisis management plan. "We had already invested a lot in crisis management in the past, which proved to be crucial", stresses Dirk Haex.
"Without our existing crisis communication plan, we certainly would not have been able to react as we did," adds communication officer Davina Luyten. "That is the message we want to pass on to other organisations: draw up plans in advance, before you run into a crisis. Exploit all the expertise available for this in a digital ecosystem. Together, we are much stronger. By telling our story, we hope that the DDoS attack on Belnet will have a long-term, positive impact."
For ZOL too, the cyber attack was an eye-opener. "It has shown that cyber security in a hospital is no longer only a matter of IT; it impacts the entire organisation. That's why it's crucial for the healthcare sector to put much more effort into knowledge sharing and building overarching expertise. We cannot possibly master the cyber threats on our own," concludes Kurt Gielen.