The digital and physical worlds are no longer separable and digital processes form society’s central nervous system. They are indispensable to the unimpeded functioning of society. The digital infrastructure is vital to our daily lives. We use it at home, at work, to travel and to make payments. We must be able to rely on our digital infrastructure, just as we do on the air we breathe, our drinking water and our roads and railways. Any failure of digital processes can have a major impact on society. This is apparent from this year’s Cyber Security Assessment Netherlands (CSAN) by the National Coordinator for Security and Counterterrorism (NCTV), which was drawn up in collaboration with the National Cyber Security Centre (NCSC).
The disruption of digital processes can result in organisations no longer being able to do their work, personal data breaches and the unavailability of services. Examples include a hack at a cheese packaging company, a data breach at an ICT service provider for car companies and an ICT failure at hospitals due to which appointments had to be cancelled.
In the past year, we have seen major differences in the resilience of companies and organisations. Experts are very concerned that this gap will widen in the future. The coronavirus pandemic has prompted the digitisation of even more processes, making digital security even more critical. The threat has developed too, and the threat from state actors is increasingly merging with the threat posed by cyber criminals.
Digital risks remain high
The digital risks to our national security remain high. Espionage and preparatory acts for sabotage by other countries constitute a risk to our national security, as also described in the State Actors Threat Assessment published earlier this year. In addition, the use of ransomware by criminals can have disruptive consequences for society. The failure of digital processes due to natural or technical factors also poses a risk.
Digital threat continues to grow
The NCTV and the NCSC observe that both state actors and cyber criminals have seized upon the situation created by the coronavirus pandemic to carry out digital attacks. With even more of our lives taking place online now, it has also become more attractive for malicious parties to launch digital attacks. Attacks can be so disruptive that they have a long-term impact on organisations and supply chains. Cyber criminals can also play havoc with society, including by disrupting critical processes. They are often just as capable as state actors and are frequently closely connected with them.
Resilience is still insufficient
The permanent threat from both state actors and cyber criminals requires that we stay constantly focused on our digital resilience. Some steps have already been taken in recent years to improve digital resilience. However, given the growing threat, this resilience is still insufficient. That is why we need to catch up now. Currently, even basic measures – like the use of strong passwords and the prompt repair of vulnerabilities – are not always in place.
Getting cyber security policy in good order
In order to increase the digital resilience of companies and organisations, the NCSC has written the Guide to Cyber Security Measures, which lists eight measures every organisation should take to help counter cyber attacks. Examples of these measures are logging, implementing a password policy, making backups and encrypting information. Recent digital incidents underline that companies and organisations are vulnerable if these measures are not taken.