
2024: ACTIVITY REPORT OF THE CYBER SECURITY COALITION

"Speed is of the essence in incident response"

In today’s rapidly evolving threat landscape, effective management of cyber incidents has become an indispensable part of any cyber security strategy. Jean-Luc Peeters, head of the Cyber Emergency Response Team (CERT.be), sheds light on the key challenges and trends shaping incident detection and response.

Jean-Luc Peeters

Head of the Cyber Emergency Response Team (CERT.be)

In 2013, a large-scale hacking incident targeting the Belgacom network directly led to the creation of the Belgian Cyber Security Coalition. Since then, the complexity of cyber incidents has grown, driving rapid advancements in detection and response technologies.

“The window of time between unauthorised system access and harmful impact has shrunk alarmingly,” says Jean-Luc Peeters. “What used to take weeks or months now happens in mere days, or even less. Speed is of the essence in incident response: the faster, the better.”

Technology is a necessity in a complex reality

Advanced tools are therefore no longer optional, Peeters explains. “These technologies allow organisations to respond more efficiently by automating routine tasks. For instance, manual review of endless log files has become a thing of the past. Continuous monitoring remains the backbone of a strong incident response strategy. Fortunately, out of the hundreds of incidents organisations face, only a few escalate to catastrophic levels.”

However, over-reliance on technology poses its own risks. “Blind trust in tools can be dangerous, and experts are indispensable. We’ve seen expensive tools fail because they were poorly implemented,” he warns.

Other new challenges he highlights include vendor lock-in and security vulnerabilities caused by integration issues. “Furthermore, as multi-cloud environments become the norm, often coupled with microservices, proper management becomes even more complex. Hence, a security by default approach should be the goal of all actors. Achieving this would be a major step forward in safeguarding data security,” Peeters adds.

Purple Teaming: bridging skills and strategies

The growing complexity of cyber threats calls for careful consideration of team expertise, Peeters notes. “For instance, network security, application security and digital forensics are now distinct fields. Purple teaming, which integrates offensive and defensive teams, is therefore essential. This approach not only enhances response capabilities but also equips operational teams to close vulnerabilities. Most importantly, it drives organisational growth.”

An effective team operates like a well-oiled project team during an incident. “Clear communication lines, designated key personnel, and precise coordination are essential. Without these, leadership risks being inundated with questions, slowing the process and causing overload, often compounded by exhaustion,” Jean-Luc Peeters of CERT.be concludes.