Yesterday, the Centre for Cybersecurity Belgium (CCB) published its annual report, which provides an interesting insight into the state of cybersecurity in Belgium. You can find the CCB’s post here: https://ccb.belgium.be/en/news/annual-report-2023.

If you are not familiar with them, the CCB is one of the driving forces of cybersecurity progress in Belgium and Europe. As a team functioning directly under the authority of the Belgian Prime Minister, they work on a daily basis to drive the Belgian cybersecurity strategy. That obviously means they have some interesting data as well … Let’s dig in!

Incidents and Events – A Summary

Ransomware was a big part of the incidents the CCB observed. At 120 incidents, the CCB noticed an increase of 24% compared to 2022.

On a national level, the CCB observed 5 major incidents impacting entire sectors instead of individual organisations.

There were 46 incidents classified as minor with no direct impact on the country’s operations.

Lastly, the CCB was instrumental in 98 coordinated vulnerability disclosures.

It also needs to be noted that the CCB’s analysis of (potential) phishing mails has contributed notable value. They received nearly 10 million suspicious emails, identified nearly 1.3 million URLs and nearly 300,000 domains as malicious, and sent 9,543 “spear warnings” to Belgian organisations through their proactive monitoring capabilities.

Analysis

While it is difficult to estimate the cost of a ransomware attack, recent estimates put the average at more than 1 million euros. Using that average alone, the 120 incidents seen by the CCB represent more than €120,000,000 of damage to our economy. Those numbers are staggering, even if we assume a relatively large error margin.

The work done by the CCB is invaluable, but the real improvements still need to happen “on the ground”. At spotit we work with our customers on a daily basis to improve their cybersecurity posture and their resilience against devastating attacks before they happen. One of the very actionable resources from the CCB that we often start with is the CyberFundamentals Framework. Even at its most basic level (SMALL), CyFun provides guidance that can immediately make the life of attackers much more difficult.

Protect all logins with multi-factor authentication (MFA)

At this time, there is probably no cheaper security control you can consider than MFA. In its most basic form it is included with your Microsoft or Google subscription and available to all your users. Just enabling this feature immediately protects the bulk of your collaboration software; do make sure that legacy authentication protocols, which bypass MFA, are disabled at the same time. The next step is to ensure that your most critical applications leverage the same login infrastructure. After all, the more separate logins a user has to remember, the bigger the chance that a weak password will be the reason for your next cybersecurity incident.

At spotit we would also recommend the use of a password manager (like Keeper, LastPass, or 1Password) for credentials. These tools can also store and generate MFA codes, which makes the user’s life much easier.

Install all security updates immediately

Even today, this sounds much easier than it is. In a world where vulnerability management and attack surface monitoring seem ubiquitously available, the update struggle is still very real for many organisations. The reality is that scanning for vulnerabilities should not be the primary driver of your patching strategy. Making infrastructure more resilient is a strategic project that focuses on four main pillars:

  • An inventory of what is most important to you, and an assessment of its current health.
  • A clear design vision for defensible infrastructure that you can iteratively apply to this inventory.
  • Continuous visibility of the activity on the assets in this inventory.
  • A view of the vulnerabilities and weaknesses throughout your IT landscape with vulnerability management and attack surface monitoring.

Even if you don’t have a dedicated vulnerability management solution in place, you probably already have tooling available that can help you get a grasp on vulnerabilities and required security updates. This type of functionality can often be found in your IT operations tooling.

Install Antivirus

Our industry likes to rename solutions early and often. Antivirus, antimalware, EDR, XDR, … They are all slightly different labels for a similar job. It’s clear that a 2024 XDR solution is very different from a 2018 antivirus solution, but their purpose is the same: to protect your endpoints from malicious activity.

Which choice is right for you is a topic that cannot be covered in this blog post, but it should be easy to deploy, continuously updated, and able to block common attack patterns automatically.

Secure Your Network

As crazy as it sounds, this recommendation is often overlooked. After all, “the network” has come to mean much more than the local network in the office. Today people work from everywhere, deploying TLS has become easier than ever, and the network is often taken for granted.

Even at a time when the industry is rumbling with visions of zero trust, basic network configuration mistakes or a lack of network hygiene are still at the root of impactful incidents and outages. Through spotit’s Security and Network Assessments, we constantly help our customers improve their network security and develop a roadmap that ensures the resilience and defensibility of their networks.

Backup Your Data

Backups are arguably your best defence mechanism against ransomware attacks. Especially an isolated backup that is completely separated from your production network, so that an attacker who holds domain administrator rights cannot reach it, can prove invaluable for recovery when ransomware hits. A backup only counts if you have actually tested restoring from it.

Administration Rights

Again, it is no secret that attackers go for “admin rights” first once they have obtained a foothold in your infrastructure. Even in 2024, administrative privileges are still easy to find in most networks. It is most likely one of the hardest problems to solve, but it needs solving. In a video from last year, David Weston from Microsoft’s security team lays out Microsoft’s vision of an “adminless future”, which is encouraging. The steps that Microsoft has taken over the years are notable, and we would encourage everybody to look at what is possible within the Microsoft ecosystem: there are already a lot of features available that allow you to reduce your attack surface. However, “remove administrator rights” is not advice we can credibly give today. What about “control administrator rights”? That is much more feasible.

At spotit, we are big fans of tools like AdminByRequest. This category of tools doesn’t hamper your users, but it does make them conscious of when they need, and use, administrator rights. They’re definitely not a silver bullet, but they allow you to tilt the odds ever so slightly in your favour.

Conclusion

Reports such as the one published by the CCB allow us to take stock of where we are today and how we can work together towards a resilient future where businesses can thrive knowing that their most critical assets are protected. At spotit we always look for pragmatic solutions for complex problems that show measurable results.

We’d like to wrap up this post by thanking the CCB for their continuous efforts. There is no doubt that the work they do contributes to a more secure country on a daily basis.