An observation of the Cyber Security Assessment Netherlands 2020
On 29 June, 2020, the National Coordinator for Security and Counterterrorism (NCTV) released the new Cyber Security Assessment Netherlands (CSAN). In this document, which is made public every year, the NCTV discusses the threat assessment for the Netherlands in the field of cybersecurity. Some may have never heard of this before, yet this report is extremely important for the Netherlands and its cyber safety. The CSAN addresses the situation in the Netherlands with regard to cybersecurity.
Highlights Cyber Security Assessment Netherlands Report
Although the report consists of 64 pages, the most important aspects are discussed below. There are a number of issues that run through the report like a red thread.
Supply Chain Security
The Netherlands is largely dependent on the supply chain and is also a part of other supply chains. In the report, the NCTV clearly expresses a dependence on the responsibility others take in the field of cybersecurity. If this responsibility is not taken, attacks can gain traction much more easily. Everyone should therefore be aware of the dangers of not following their cybersecurity responsibilities. The NCTV also criticizes the supply chain dependency of the Netherlands. This is a major risk. Certain services rely too much on supplies from other countries. Crowe Peak’s IT Assurance also sees that for many organization the supply chain is an important focus. Often times external service providers are used and products such as cloud solutions. Organizations can set up their security successfully, but if business partners do not attach importance to this and neglect this, it is still a huge risk.
Dependency on cyberspace
The report also mentions the dependency on cyberspace that Dutch society has. Cyberspace is the ‘digital space’, which refers to all internet connections. Many processes, facilities, services and products rely on the internet, making it practically impossible to disconnect them. When this is discussed with customers we are sometimes shocked by the nonchalant attitude towards IT. That is until it turns out that business operations can come to a standstill when the IT environment breaks down. Fortunately, we have recently seen a shift in organizations’ attitude, in which IT is assigned a more important role within business operations.
Still based on the information from the report, it appears that cyber criminals’ modus operandi has not changed much. There is still a strong threat from the use of malware by criminals, such as the widely discussed ransomware variants. However there has been a shift from illegal tools to the use of legitimate tools (for example legitimate mail servers or cloud solutions) in order to carry out attacks. There have been no large incidents in the past year, but incidents that have taken place have again shown great dependency.
The biggest threat
What should we really be concerned about? In principle, all cybercrime-related matters deserve attention, but in particular the NCTV has indicated that an emphasis is placed on combating state actors and professional criminals. For political actors there is a special focus on the threat of political espionage. On the other hand, the greatest risk for the Netherlands will be digital sabotage.
Cybersecurity must be fully integrated in the Netherlands. There are still too many individuals and organizations that don’t see the importance of cybersecurity. It’s shocking that the research has shown that the cybersecurity risks are often still underestimated. By continuing to innovate, combat and maintain an open dialogue to exchange information, cybercrime can be stopped or combatted better. In this way, we are building a safer (cyber) Netherlands together.
Do you have trouble finding opportunities to prevent cybercrime and improve your cyber security? We invite you to talk to Crowe Peak’s IT Assurance specialist. With our knowledge and experience we can help you on the path to the next level of cyber maturity.