These are undoubtedly turbulent times. The wars in Ukraine and the Middle East, for example, are often the breeding ground for cyberattacks targeting utilities, public infrastructure… and the financial sector. “Every day, hackers attempt to penetrate our systems. Especially when certain software systems need an update, we see the number of cyberattacks increase noticeably,” says Simon De Schoenmaeker of KBC.
Red, blue & purple teaming
Simon has been working for KBC since 2011, initially as Systems Engineer Telecom and today as Information Risk Officer. He has seen first-hand the increasing sophistication of cyberattacks. “With my team, we are trying to find appropriate answers to this. We believe that we can optimise our security by regularly testing our security systems and protocols. We do this, among other things, through ‘red teaming’: where we give ethical hackers free rein to break into our systems. We then examine whether our protective systems are efficient enough, and whether we can respond sufficiently quickly to repel the attack.”
While the exercises are particularly educational for KBC, this remains a one-sided approach. That is why for several years the company has also been using so-called ‘purple teaming’, where the red and blue teams join forces. Simon: “Both methods complement each other impeccably. Red teaming will always be useful, because it is the perfect way to put our procedures and processes to the test. However, these exercises are secret and the blue team is only informed at the end, when it is faced with essentially a fait accompli.”
“If you have a sufficiently mature organisation, purple teaming can lead to new insights more quickly. Involving the blue team from the start gives you more interaction, allowing you to share knowledge more quickly and provide direct feedback.”
AI: friend or enemy?
But a company needs sufficient manpower to carry out these types of exercises. “That poses a problem with the current labour shortage,” Simon continues. “And it is precisely why we regularly organise training courses to make our staff aware of existing security risks. We look at emerging technologies that can help us automate the exercises, as well.”
“AI will certainly play a role in this automation. At the same time, we must keep aware that hackers will also use technology to achieve their goals. The key is to continue to put cybersecurity high on the agenda, in order to be as prepared as possible”, KBC’s Information Risk Officer concludes.