NIS2: The final countdown begins

17 October is quickly approaching, bringing with it the entry into force of the NIS2 Directive. But will this law make us more secure? It is a fitting question posed by Miguel De Bruycker (Managing Director General of the Centre for Cybersecurity Belgium) to kick off our annual BE-CYBER Experience Sharing Day.???

This European Directive marks a turning point in our approach to security compliance, particularly with its expanded scope now covering a wide range of sectors and organisations, especially industrial companies. To find out more about this directive, please ? visit the website of the Belgian Cybersecurity Center, which outlines the prerequisites transposed into the law of April 26, 2024.?

NIS2 presents a valuable opportunity for everyone to reassess their cyber security strategies. Gone is the siloed approach, replaced by a holistic vision that integrates IT and OT. With the directive’s expanded scope, it is essential to closely examine our internal practices and ensure they meet the required compliance standards.???

Some may view this directive as a laudable effort to harmonise and foster collaboration among countries in the fight against the cyber threat. Others may perceive it as an added burden. The extensive reporting requirements – often involving dozens of documents - the obligation to increase internal information and training, and the additional budget needed for compliance (estimated to rise by 12% to 22% according to John Noble, former director of the UK's National Cyber Security Centre (NCSC)) all contribute to the growing pressure on CISOs and organisations.?

For others, NIS2 is an opportunity to showcase their expertise, strengthen organizational resilience and create added value. The new reporting requirements and strengthened security measures contribute to building a more secure digital ecosystem for everyone.?

NIS2 also stands out for its practical, risk-based and maturity-driven approach. The risk-based framework encourages us to identify and prioritise our critical assets, directing our efforts where they are most needed. At the same time, the maturity approach pushes us to systematically enhance our overall cybersecurity capabilities, creating a solid and scalable foundation. This combination allows us to be both reactive to immediate threats and proactive in strengthening our long-term security posture.?

These are just a few of the challenges that will keep us engaged in the coming months and will be thoroughly discussed at our BE-CYBER Experience Sharing Day. We look forward to meeting you, sharing insights, and building on our joint experiences.?

?? Welcome aboard, Henk!

We are pleased to announce that Henk Dujardin will be joining the Operations Office as Chief Executive Officer from October 16th. With 28 years of experience at Proximus as Delivery Manager and Programme Manager in multiple IT & Cybersecurity domains, Henk brings extensive expertise in team and service management. His background makes him ideally suited to drive the growth of our association and to shape the strategy that will position the Coalition as the leading cybersecurity reference in Belgium. Henk is eager to get to know the member community and work closely with all of you to drive the Coalition forward. We wish him every success in his new role and are excited to see him take on this challenge with great enthusiasm.

??? General News

Two-factor authentication: A simple step to a safer digital world?

This year, Belgium's national cybersecurity awareness campaign is focused on the importance of two-factor authentication (2FA). Despite previous campaigns, 2FA remains underutilized, even though it is a simple yet powerful security measure that can prevent countless cyberattacks. This year's campaign video features the citizens of Herstappe, Belgium's smallest bilingual municipality. With expert guidance, all residents have successfully implemented 2FA, making Herstappe the most secure municipality in the country. ? Download the campaign material here — let's spread the word and inspire other municipalities to follow suit.

Last call Cyber Security Awards 2024!???

Don't miss your chance — submissions close on October 4th at 11:00 PM! There is nothing to lose and everything to win, as we honour the vital work cybersecurity and privacy practitioners do to protect our digital society and our personal data. ? Visit our awards website now and seize the opportunity to make your mark for a good cause!?

?? Ecosystem Initiatives

Safeonweb@work: Your NIS2 compliance ally?

As the NIS2 law takes effect, Belgian businesses face increased cybersecurity obligations. Safeonweb@work is your trusted partner in achieving NIS2 compliance. The objective of this initiative of the Centre for Cybersecurity Belgium (CCB)?is to strengthen the cybersecurity of Belgian companies and organisations by providing them with advice, recommendations and tools to identify and mitigate the vulnerabilities of their systems and to be alerted to cyber threats. We encourage you to surf to the Safeonweb@work website, firstly to check whether you are affected by NIS2 and ? register , and secondly ? to carry out your assessment to determine the appropriate level of assurance by implementing the necessary security measures.?

Flanders unveils new platforms to shape the future of AI and Cybersecurity?

Flanders has launched two new websites focusing on artificial intelligence and cybersecurity. The websites, created under the Department of Economy, Science, and Innovation (EWI), are named "Cyber Security Flanders " and "Artificial Intelligence Flanders ." As their titles suggest, they delve into these critical subjects, offering insights into Flanders' approach and strategy on cybersecurity and AI - two of today's most pressing technological issues. With these initiatives, Flanders seeks to highlight its commitment to fostering innovation and ensuring a secure digital landscape for its citizens and businesses.?

?? Forthcoming Events???

08 Oct. | BE-CYBER: Secure Belgium’s Digital Future ?? Last Call!

The programme for the BE-CYBER Experience Sharing Day is now finalized and available on the event website ! Featuring the theme Secure Belgium's Digital Future, the event promises captivating insights with more than 300 participants already registered. In four different tracks, we will explore how both technological innovation and human expertise must come together to tackle the challenges ahead. Spaces are filling up fast, so ? secure your spot now to be part of this unforgettable day!?

14 Oct. | Integrating IT Governance for a Secure Future??

This event on October 14th is co-hosted by ISACA Belgium & Netherlands Chapters, and Antwerp Management School in cooperation with the Cyber Security Coalition and Beltug. The event focus will be on how effective IT governance, especially frameworks like COBIT, can drive organizational success and maximize IT value. However, implementing such frameworks in the public sector is complex due to dynamic environments, diverse stakeholders, and the need for broader support among IT professionals and leadership. The event kicks off a research programme focused on the role of IT governance in governmental institutions. This initiative will tackle key issues around creating value through strong IT governance.??

02-04 Oct. | EESC-COR Cybersecurity Days 2024

From the 2nd to the 4th of October, the European Economic and Social Committee (EESC) and the European Committee of the Regions (CoR) will host this exciting event in Brussels. This year’s theme Defend Today – Secure Tomorrow focuses on social engineering, a growing threat that targets human behaviour to breach security. The conference offers three days of insightful sessions featuring top speakers from EU institutions, regional governments, and civil society. Only EUIBA staff can attend the event on site. Any other interested person can ? register for the streaming .

14-18 Oct. | Cyberweek 2024 Wallonia?

For the second year in a row, the Agence du Numérique is organizing a series of events dedicated to cybersecurity as part of Cyberweek 2024 and the European Cybersecurity Month, established by ENISA. This initiative, funded through the Wallonia Recovery Plan, is part of the Cyberwal by Digital Wallonia programme within Wallonia’s digital strategy. Cyberweek features a series of events across various Walloon cities, each highlighting a different local ecosystem. These events go beyond traditional presentations, offering live demonstrations of cyber-attacks and showcasing initiatives that add real value. Participants will not only raise their awareness of cybersecurity issues but also gain a deeper understanding of the challenges, practical solutions, and tools to enhance their cybersecurity posture. Discover this French-speaking ? programme , scheduled from October 14th to 18th, and ? register now. ?

?? Magic Moment

Successful Meet & Greet welcomes new members and CEO?

On September 5th, we hosted a successful Meet & Greet event for our new members, marking the first opportunity for our new CEO Henk Dujardin to connect with the member community. It was a vibrant evening of introductions, discussions, and networking. Be sure to check out the highlights from the event in our ? photo gallery !?

?? Reading Tips

• The Tech Coup: how to save democracy from Silicon Valley ?| In The Tech Coup, Marietje Schaake reveals how technology companies, under the guise of innovation, have usurped the power of governments and are threatening democracies. From police surveillance to the financial meltdown caused by cryptocurrencies, she exposes the dangers of unregulated technology. Schaake proposes bold solutions to restore the balance of power and protect citizens in our digital world.??
• ENISA Threat Landscape 2024 — ENISA ( europa.eu ) ?| The European Network and Information Security Agency (ENISA) has produced an overview of the threat landscape in Europe. It lists the top 7 threats, from ransomware, which remains a major threat, to zero-day vulnerabilities, which are increasingly being used to infiltrate systems. In addition to the threats, the agency lists the most targeted sectors, with public administration and transport topping the list. This report is essential reading for decision-makers and cybersecurity practitioners to improve digital resilience and security across the EU.
• The Nuts and Bolts of achieving security compliance (ISACA Netherlands Chapter)?| What are the challenges of implementing security compliance in the context of adopting agility and DevOps in the financial sector? Primarily, that of translating the Central Bank's security directives into terms that DevOPs teams can understand. This is the conclusion of the study conducted by Erwin Laros, Karthik Rajagopalan and Yuri Bobbert . In response, the three authors have developed an ‘Information Security Compliance Artefact’, a tool that provides a set of practices for ensuring security compliance in an Agile/DevOps context.?

?? New Tools

Surf without worries: Mastering two-factor authentication?

To support this year’s national awareness campaign, the Awareness Focus Group has launched the third module of Surf without worries. Following Phishing and Scams, this episode focuses on two-factor authentication. Authentication is often the weak link in online accounts, whether due to ignorance of the risks or simple laziness. To address this weakness, the Awareness Focus Group has created educational videos to remind us of the basics of security and how to implement two-factor authentication. ? The sessions are available in Dutch, French, German and English.

VDAB launches new online training module?

The VDAB has introduced a ? new e-learning module , which will now be part of the curriculum for all job seekers participating in training programmes through VDAB or its partners, reaching an average of 27,000 people annually. The central figure in the training is Rani, who has just secured her first job at the company Finfo. However, Rani is unaware that she is the target of cybercriminals aiming to scam her and steal Finfo’s sensitive data. Fortunately, Rani receives help from an unexpected source. This interactive storyline provides a hands-on way to educate users on the importance of cybersecurity and the threats they may face in the workplace.?

?? Members in the Picture

The Coalition is pleased to spotlight Yuri Bobbert and Frank Souffriau

Yuri Bobbert , a professor at Antwerp Management School (AMS), has over 25 years' experience in management, having held positions as CEO, CISO and CTO. The AMS, through its Executive Master in IT Risk and Cybersecurity, trains executives by offering a wide range of specialized cybersecurity courses. According to Bobbert, the integration of governance and leadership, pillars taught by the school, reinforces the human dimension, a key element in improving the resilience of organizations. “Maintaining a close relationship with the Coalition is therefore an obvious choice for sharing knowledge,” emphasizes Bobbert.?

Member of the CSC's Enterprise Security Architecture (ESA) Focus Group, Frank Souffriau is an enterprise security architect at INNOCOM. For Frank, security architecture can play a crucial role in helping organizations adapt to NIS2 requirements. Beyond that, according to Frank, to improve resilience, organizations need to become more decentralized and democratic, involving all members at every level. While retaining some centralized measures, decentralized actions enable responsibilities to be shared, speeding up response to problems, empowering employees and strengthening resilience. A balance of appropriate controls and architectural discipline is essential to maintain a coherent security strategy aligned with business needs. His mantra: “we need to foster a culture where cyber-resilience is embedded in every decision and action”.?

?? Latest Podcast

The Cyber Security Coalition – Yesterday, today and tomorrow

The Coalition will mark its 10th anniversary on 26 January 2025 and will celebrate this milestone on February 20th in hotel Le Plaza in Brussels. In this podcast, the founders discuss the Coalition’s origins, its key achievements, and the path forward for the future.

?? Toen, nu en morgen | ?? Hier, aujourd’hui et demain ?

As we gear up for the upcoming European Cyber Security Month, the pace is set to intensify, promising a busy yet thrilling period ahead. With a packed agenda of events, workshops, and key discussions on the horizon, October will be an exciting opportunity to deepen our collective efforts in securing our digital landscape. #CyberSecMonth???

See you soon!

The Cyber Security Coalition Operations Team