In December 2022, a collective called Play hacked the servers of Digipolis, the IT partner of the City of Antwerp. Local authorities were given a week to pay a ransom, but in the meantime, services fell apart. How the hackers proceeded in this case is still under investigation, but there is no doubt that the damage has been extensive, and that the city suffered a loss of reputation.
A multi-layered security approach
Ine Segers, Director of Cyber Trust at Devoteam Belgium: “Many organisations such as Digipolis and the City of Antwerp have invested heavily in digitisation in recent years. As a result, the risk landscape changed. So, as an organisation, you have to ensure that your security evolves along with it. After all, hackers will always find new loopholes to force an entry. This sad incident also clearly demonstrates that we need a worst-case scenario where we don't trust anyone and verify users' identities at all times. This principle is called Zero Trust, a model where security is no longer assured at network level, but a multi-layered approach is used.”
The current situation requires this innovative approach. “Since the corona pandemic, we increasingly work from different places and often in the cloud. So, security has to be tackled at other levels than before. The starting point is a verification of the user’s identity and location, as well as the network. In addition, it is important to clearly map out resources and create an adaptable access policy, yet without compromising the user experience.”
A flexible framework is needed
In addition to identity verification and an adaptable access policy, incident detection and data encryption are also important pillars of a modern security architecture. “Actually, as a company you have to continuously perform a risk analysis and ensure that your cyber security is up to date. Anyone who does that will sooner or later reap the benefits. After all, cyber security can also be a business enabler. A company that can demonstrate that it adheres to the principles of Zero Trust exudes self-awareness and confidence. We see that customers are increasingly attaching importance to that.”
Fortunately, many companies today realise that these principles are valuable. But setting up cyber security according to the Zero Trust model requires a transformation. “Best practices can help to develop a feasible strategy. And an organisation such as the Cyber Security Coalition, which connects companies, can certainly play a role in this. For example, we could create a framework in which Zero Trust is approached practically. In the coming years, I want to put my shoulders to the wheel for this,” concludes Ine Segers.