2024: ACTIVITY REPORT OF THE CYBER SECURITY COALITION

Cyber Threat Intelligence

"AI helps us to detect suspicious transactions faster"

Payment companies are a popular target for cybercriminals. To better protect itself against these attacks, Mastercard announced the intent to acquire the threat intelligence company Recorded Future. This way the company aims to detect and address suspicious transactions and security threats more quickly. "Collecting information about cybersecurity is one thing, the trick is to also link the appropriate action to it."

Rigo Van Den Broeck

EVP Cybersecurity Product Innovation of Mastercard

In addition to obtaining data, money remains the biggest driver for cybercriminals. And as their attacks become more sophisticated, the financial sector and companies such as Mastercard are doing everything they can to identify potential threats. "Technology plays into the hands of cybercriminals, because with AI it is easier than ever to carry out attacks," says Rigo Van den Broeck, EVP Cybersecurity Product Innovation of Mastercard. The rise of AI-driven phishing is particularly worrying. "After all, criminals know all too well that people are the weakest link in an organisation and with AI they can now also write convincing, truthful emails." 

Turning intel into action 

To gain a better understanding of the behaviour of criminals, their tactics and the vulnerabilities they exploit, Mastercard announced its intent to acquire the threat intelligence company Recorded Future. "This company excels in collecting and analysing threat intelligence and translating it into actionable insights," explains Rigo Van den Broeck. According to Van den Broeck, that is exactly where many companies fall short. "Collecting data is only the first step, but it's about what you do with that information."  

Mastercard links that information to certain fraud cases. "It is precisely by making these connections that we can set priorities and take more targeted action within our security policy." In doing so, the company is also taking a close look at its entire supply chain. "After all, criminals are increasingly targeting suppliers. We therefore advise organisations not only to take a critical look at themselves, but to make a risk analysis of their entire ecosystem. Based on that analysis, it can then be decided which investments need to be made." 

AI as an ally 

In doing so, organisations should also take a look at what AI can do for them. "In any case, the technology helps us to detect suspicious transactions faster. The downside, however, is that criminals also have access to it and use it to set up new attacks."  

Despite this evolution, Van den Broeck mainly sees the advantages of AI. "I sincerely believe that thanks to AI, we can stay one step ahead of criminals, even though there are also attacks that cannot be detected yet." Fortunately, these attacks are the exception rather than the rule, and the number of criminals who have the knowledge to set them up is also limited. "Logically, most stick to the more classic phishing and ransomware attacks. However, where large companies have extensive resources and expertise to defend themselves against this, smaller companies are much weaker." 

To close that gap, Van den Broeck argues for more cooperation, such as that offered by the Cyber Security Coalition. "By sharing knowledge and resources, we can also make every organisation more resilient. After all, no one can be completely cyber secure on their own," he emphasises.

In addition, a collective approach helps to get a better grip on the enormous amounts of data that come to organisations. "And if we only keep data to ourselves, we are playing into the hands of criminals, while we need to make our AI models more powerful. If used wisely, I see technology more as an ally that can make an entire organisation stronger." 

“We are continuously exchanging information to respond to new threats”

Modern warfare is increasingly taking place in cyber space, and attacks can have as significant an impact as physical conflicts. Monitoring all cyber threats is a task for the Cyber Command, the fifth component of the Belgian Defence. “Attacks and techniques are becoming increasingly sophisticated. Using cyber threat intelligence, we can map out tomorrow’s threats today,” states Major General Michel Van Strythem.

Michel Van Strythem

Major General Belgian Cyber Command

No sector - whether financial, manufacturing or governmental - is immune to the growing threat of hackers. Cyber threat intelligence (the process of collecting and analysing information about current and potential cyber attacks) is helping the Belgian Defence to respond more quickly to cyber threats. "The task is not getting any easier, because the techniques used against us are more advanced every day," says Major General Michel Van Strythem, who leads the Cyber Command. 

A complex threat landscape  

The most visible incidents are DDoS attacks, which can temporarily shut down websites. Last autumn, several Belgian municipalities fell victim to this type of attack. “Because many local authorities use the same hosting partner, the servers became overloaded and their websites were inaccessible for a while.” Although the impact of these attacks was relatively limited, they still stirred up emotions. “And that is what some criminal groups are after. They want to incite fear and create a breeding ground for anti-Western feelings.” 

Other threats also require attention. “Next to ransomware, phishing attacks and cyber intrusions with data exfiltration, a fourth major threat is coming our way: the abuse of our own infrastructure to carry out attacks on third countries,” Van Strythem continues. Such attacks can significantly undermine allied interests. “But they are very difficult to detect, especially in an increasingly complex landscape with ever-more advanced techniques. We have long since passed the point where traditional security measures could protect us.” 

The Major General emphasises the importance of vigilance and cooperation in the fight against cyber threats. “We work closely with the academic world and the technology industry to strengthen our resilience. We continuously exchange information with European colleagues and with national authorities, such as the Centre for Cybersecurity Belgium and other partners. This allows us to respond more quickly to new developments and threats.” 

Stronger through collaboration 

By working together, Defence also aims to stay one step ahead in assessing future threats. “We make predictions based on hypotheses and by drawing out possible consequences. This analytical work is performed by a team, based on our own knowledge, public information, and input from our partners.” It’s an approach that has delivered results for Defence. “To name one, we exposed a network infrastructure that was being abused to launch attacks. After this discovery, we took action with the security services to better shield the network. In this way, we were able to avert an attack.” 

This example illustrates the intense battle to stop cyber criminals. “The fight is certainly not getting any easier,” says Major General Van Strythem. “We are receiving an increasing volume of data and with everything being interconnected, we must take account of a growing number of variables. Artificial intelligence can be a valuable ally, but there as well it is crucial to share experiences via joint platforms. That is where the future lies, and as a country we will not shirk our responsibility.” 

"Speed is of the essence in incident response"

In today’s rapidly evolving threat landscape, effective management of cyber incidents has become an indispensable part of any cyber security strategy. Jean-Luc Peeters, head of the Cyber Emergency Response Team (CERT.be), sheds light on the key challenges and trends shaping incident detection and response.

Jean-Luc Peeters

Head of the Cyber Emergency Response Team (CERT.be)

In 2013, a large-scale hacking incident targeting the Belgacom network directly led to the creation of the Belgian Cyber Security Coalition. Since then, the complexity of cyber incidents has grown, driving rapid advancements in detection and response technologies.

“The window of time between unauthorised system access and harmful impact has shrunk alarmingly,” says Jean-Luc Peeters. “What used to take weeks or months now happens in mere days, or even less. Speed is of the essence in incident response: the faster, the better.”

Technology is a necessity in a complex reality

Advanced tools are therefore no longer optional, Peeters explains. “These technologies allow organisations to respond more efficiently by automating routine tasks. For instance, manual review of endless log files has become a thing of the past. Continuous monitoring remains the backbone of a strong incident response strategy. Fortunately, out of the hundreds of incidents organisations face, only a few escalate to catastrophic levels.”

However, over-reliance on technology poses its own risks. “Blind trust in tools can be dangerous, and experts are indispensable. We’ve seen expensive tools fail because they were poorly implemented,” he warns.

Other new challenges he highlights include vendor lock-in and security vulnerabilities caused by integration issues. “Furthermore, as multi-cloud environments become the norm, often coupled with microservices, proper management becomes even more complex. Hence, a security by default approach should be the goal of all actors. Achieving this would be a major step forward in safeguarding data security,” Peeters adds.

Purple Teaming: bridging skills and strategies

The growing complexity of cyber threats calls for careful consideration of team expertise, Peeters notes. “For instance, network security, application security and digital forensics are now distinct fields. Purple teaming, which integrates offensive and defensive teams, is therefore essential. This approach not only enhances response capabilities but also equips operational teams to close vulnerabilities. Most importantly, it drives organisational growth.”

An effective team operates like a well-oiled project team during an incident. “Clear communication lines, designated key personnel, and precise coordination are essential. Without these, leadership risks being inundated with questions, slowing the process and causing overload, often compounded by exhaustion,” Jean-Luc Peeters of CERT.be concludes.

Sharing threat intelligence: a critical power in fighting cyber crime

At our annual BE-CYBER Experience Sharing event, the Cyber Security Coalition gathered five leading voices for a panel discussion on the question: to share or not to share threat intelligence? This sparked a compelling conversation on the benefits and challenges of stricter regulations aimed at strengthening information sharing, the crucial role of human relationships now and in the future, and Europe’s position as the strictest enforcer. “Throughout this debate, it’s crucial to keep the true purpose of these actions at the forefront.”

The panel, consisting of Miguel De Bruycker (Managing Director General at the Centre for Cybersecurity Belgium), Bart Asnot (National Security Officer at Microsoft Belgium), Ilias Chantzos (Global Privacy Officer and Head of EMEA Government Affairs at Broadcom Inc.), Alex Vandurme (Head of NATO Cyber Security Centre Cyber Hygiene Branch) and Bart Preneel (Professor in KU Leuven’s COSIC research group), was moderated by Sujin Chan Allen (General Counsel at NATO’s NCI Agency).

In a world where a cyberattack occurs every 39 seconds, threat intelligence sharing has never been more urgent. At its core, threat intelligence revolves around one critical question: how can we ensure optimal sharing of cyber threat information and data between all involved stakeholders? “This has been an issue for more than 25 years,” explained Ilias Chantzos, underscoring not only the importance of this process for the industry, but also its role as a driver of progress. “We must share intelligence as effectively as possible, because the ‘dark side’ is continually doing so - and advancing because of it,” added Bart Preneel.

“Trust and transparency are fundamental: people need to know you and understand what you do. That’s why, in a sector that operates primarily online, in-person connections - for example, through networking events and gatherings - are more important than ever,” continued Miguel De Bruycker.  However, he added that in the realm of threat intelligence sharing, you must accept that those providing information will never disclose everything they know.

Bart Asnot agreed: “The human element is fundamental. We need to learn to understand each other’s language, and together determine how to navigate the existing context and regulations.”

Regulation and complexity go hand in hand

As the panellists pointed out, while regulations are crucial for setting standards, they also add complexity, especially for smaller businesses. So, how can the right balance be achieved? “One could argue that every new regulation or legislation, whether it’s the GDPR or NIS2, is an attempt to formalise the process of information sharing,” Ilias Chantzos pointed out. “The result is that the organisation’s legal team is now often putting the brakes on information sharing, while technical teams like engineers are eager to share more.”

The downside of increasingly strict laws and initiatives around information-sharing requirements is slower progress in cyber security. “For a small-business-focused country like Belgium, compliance with these laws is an even greater challenge,” noted Bart Asnot. “Moreover, increased obligations undermine a core advantage of the digital world - the ease of cross-border collaboration - often without fully revealing one’s identity. So is it desirable or feasible to completely reverse this logic?” Bart Preneel responded.

The greater good

This tension resonated with the other panellists. “In my experience, sometimes you simply have to dare to share data, even if not required by regulations. It’s a matter of give and take, where we must always keep the greater good in mind. Ultimately, it’s about risk management,” Alex Vandurme added, highlighting the growing complexity surrounding information sharing. “Technological innovations, including those from academia, can be a great help here. Take encryption, for example—it ensures confidentiality while enabling information sharing without exposing critical data, thanks to advanced encrypted computing techniques,” Bart Preneel chimed in.

A further complication is Europe’s position as the strictest regulator - a well-known reality that clearly affects businesses. “In this whole debate, it’s crucial to keep the true purpose of these actions at the forefront. We can encrypt and secure data all we want, but the real question is what we ultimately aim to do with it,” concluded Ilias Chantzos.