Our website uses cookies to create a better user experience. To optimize the website we ask that you accept the cookies:

I agree I disagree
2021 2022 2023

2023: ACTIVITY REPORT OF THE CYBER SECURITY COALITION

“Collaboration with ethical hackers leads to a better result”

Financial institutions are a favourite target of hackers, mainly because of the data that circulates within these institutions. That is why KBC is strongly committed to protecting data. One implemented measure involves calling upon ethical hackers, who regularly identify vulnerabilities in the organisation’s systems. Attackers and defenders are increasingly teaming up to stimulate knowledge sharing.

Read more
Close article

Simon De Schoenmaker

Information Risk Officer at KBC

These are undoubtedly turbulent times. The wars in Ukraine and the Middle East, for example, are often the breeding ground for cyberattacks targeting utilities, public infrastructure… and the financial sector. “Every day, hackers attempt to penetrate our systems. Especially when certain software systems need an update, we see the number of cyberattacks increase noticeably,” says Simon De Schoenmaeker of KBC. 

Red, blue & purple teaming 

Simon has been working for KBC since 2011, initially as Systems Engineer Telecom and today as Information Risk Officer. He has seen first-hand the increasing sophistication of cyberattacks. “With my team, we are trying to find appropriate answers to this. We believe that we can optimise our security by regularly testing our security systems and protocols. We do this, among other things, through ‘red teaming’: where we give ethical hackers free rein to break into our systems. We then examine whether our protective systems are efficient enough, and whether we can respond sufficiently quickly to repel the attack.” 

While the exercises are particularly educational for KBC, this remains a one-sided approach. That is why for several years the company has also been using so-called ‘purple teaming’, where the red and blue teams join forces. Simon: “Both methods complement each other impeccably. Red teaming will always be useful, because it is the perfect way to put our procedures and processes to the test. However, these exercises are secret and the blue team is only informed at the end, when it is faced with essentially a fait accompli.”  

“If you have a sufficiently mature organisation, purple teaming can lead to new insights more quickly. Involving the blue team from the start gives you more interaction, allowing you to share knowledge more quickly and provide direct feedback.” 

AI: friend or enemy?  

But a company needs sufficient manpower to carry out these types of exercises. “That poses a problem with the current labour shortage,” Simon continues. “And it is precisely why we regularly organise training courses to make our staff aware of existing security risks. We look at emerging technologies that can help us automate the exercises, as well.” 

“AI will certainly play a role in this automation. At the same time, we must keep aware that hackers will also use technology to achieve their goals. The key is to continue to put cybersecurity high on the agenda, in order to be as prepared as possible”, KBC’s Information Risk Officer concludes. 

Close article