The answer is: always, but you can also work on your own Cyber Security. Bart Lamot of the DIF asked the question to lecturer Technical Information Security Daniël Meinsma during DIFx Live in the Dutch Innovation Factory.
A good start for more Cyber Security would be to map out where you are listed. Chances are you'll be amazed at what's out there about you.
Daniël Meinsma: 'You can go far back with the traces you have on the internet. Check how many times certain data is duplicated. There is almost a copy of the internet available for each country, for example so that you can quickly see a video because the video is already in your area.
Hyves from 10 years ago
And once it's on the internet, it's often copied.' For example, via archive pages it turned out to be possible to see your circle of friends from Hyves from 10 years ago.
Maybe you don't mind, maybe you do. The point is, you've never been asked if it's okay for anyone to click through your connections 10 years later. And that's the point: do you know your digital footprint? What traces do you leave behind and what is the chance that they put hackers on the trail?
The human factor
You cannot predict that, but you can make an organization aware, Daniel indicated. Because the human factor is decisive in Cyber Security. Without people who make themselves vulnerable or seek each other out, Cyber Security is not an issue.
Awareness in Cyber Security
But you want fame and growth, so what should you do? Count on the fact that with the growth process you will also become more and more visible to attackers. And awareness requires a precise description of threats. According to Daniel, hackers can be divided into two categories. 'Hackers also have a revenue model. There are attackers who take what they can and there are attackers who specifically seek out and invade you. They often come for money, but certainly not alone.
Not just from China
Also think about innovation. This raises the question of how interesting your organization is for foreign powers in search of innovation. The country China is then quickly under suspicion, but the country is certainly not the only one.
Daniël about this: 'Almost every country is digital these days, looking at what other countries can learn there.' When attackers are looking for money, they increasingly target organizations that provide digital services.
Especially because with an action to get as much as possible. Are you at a service provider with home workplaces? Then you can hit the ground running with all customers of that service provider.
Can you guard against that? Yes and no. By the 20% of 'sophisticated' attacks, you give up.
What trace do you leave
But the other 80% can be kept out by being aware of Cyber Security vulnerabilities. Start with the traces you leave behind. Keep account names close to you and use duplicate passwords.
And: see how far you get yourself. 'Try to demolish something', is Daniel's answer. 'When you learn to demolish something, you learn how something was not intended. And then you learn something new about that piece of software or hardware.'
Before it happens: arm yourself against the consequences and take inventory. Suppose the website goes down, is there anything left? Can you offer services or products without a site? Can you make a temporary work around until you are in calmer waters again? Or is your online presence an absolute requirement? If the latter is the case, your IT Security will have to meet high requirements. And if it happens, you prevent total panic because you already have recovery scenarios.
This way you keep the consequences within limits. Before that time, you have kept the chance of an attack as small as possible. Need help?
See the video recording of the conversation below.