Reinaert Van de Cruys: During my IT education, we learned about security at school, but mainly through a defensive approach. Infiltrating a network is something we taught ourselves. One of my first ethical hacks was the website of a municipality in Limburg. It turned out to have a serious problem: I was able to access the data of ten thousand citizens. When you discover such a thing, it gives you a huge kick! In that sense, hacking is a bit of an adrenaline sport. (laughs)
Nowadays, there are also security courses that take the offensive approach. You can study to become an ethical hacker, which is a good development. This role fulfils a monitoring task that must be executed. You can't just assume that IT administrators configure their firewalls properly and that everything will be fine. The independent ethical hacker who looks for errors and holes is an essential part of the cyber security ecosystem.
Which activities does Fox&Fish carry out?
We are very busy with customised training for end users, software developers and IT administrators. We turn it into a kind of magic show with live hacking demonstrations and an interactive quiz section. By making hacking very concrete and practical, we increase the involvement of our audience in cyber security. We also puncture the Hollywood image that hackers are wizards. We show our trainees that they are just using certain tricks and that it is possible to protect yourself against them.
In addition, we perform classical ethical hacking: checking websites, applications and organisations. Breaking in, seeing what we find, and then delivering reports about it.
How do you keep up with the latest developments?
It’s challenging, because the cyber world is evolving incredibly quickly and customers expect – rightly - that we are always up to date with the latest trends. We use many, different sources, such as articles that appear on our online feed or tips and tricks from colleagues. There are also a few excellent podcasts about cyber security. ‘Dasprivé’ for example by Bart Van Buitenen and Tim Van Haeren. It’s the best choice to stay up to date in the field of privacy and GDPR. And I am lucky to regularly collaborate with a number of ethical hackers on a freelance basis. If you want to learn new hacking techniques, nothing beats a duo project with another hacker!
What does this award mean to you?
I was told that we received the award mainly because we make cyber security understandable for everyone: cutting through the jargon and thick reports, and providing very concrete and practical tips. In this way, we help increase cyber security awareness and convince more people of its importance. I believe this is crucial, and the award motivates us to focus even more on this area.
In 2025, we will share videos with tips for end users, because we want to make more information available. Our ambition and our mission remain to take cyber security in Belgium to a higher level, both in the business world and with private individuals.
Which achievement are you most proud of so far?
I like to think back to the very first audit I did, five years ago. I was very nervous because it was my first official assignment as an ethical hacker, and it was for a well-secured multinational. The company had already implemented several security measures and done previous audits. I certainly wasn't going to find any low-hanging fruit!
But only 20 minutes into the audit, I was in their systems - because the CFO had reused a password that had been leaked on the dark web. It was just there, for the taking. Sometimes it is just that simple. You can invest heavily in firewalls and training, but then a simple human inattention, such as an unprotected password, can be your downfall. This shows how we still sometimes make things very easy for hackers. It’s a message that grabs people's attention.
2024: ACTIVITY REPORT OF THE CYBER SECURITY COALITION
