NIS2 has failed already!
An often heard, maybe slightly denigratory, question when it comes to Belgium is “Oh yeah? Name a famous Belgian…”
But one thing we can all agree on is that Belgium is well known for its excellent beers (and chocolate, and Belgian fries). One of the more famous ones is Duvel, a Belgian Pale Strong Ale style beer brewed by Brewery Duvel Moortgat in Breendonk-Puurs. Tourists sometimes struggle with it, because although it is fine and sweet with a very clean flavor, its alcohol percentage can sneak up on you fast.
Another thing Belgians are famous for is our laissez-faire attitude. I sometimes (too many times) hear “ach doe maar gewoon, dat is al gek genoeg” meaning “let’s not do too many things out of the ordinary”. Usually it refers to personal behavior, but it is often a bit of a corporate mindset as well. Sometimes this leads to “doing things like we’ve always done them” or “why change what works?”
A few days ago, the Duvel Moortgat brewery was a victim of ransomware and had to halt production of, among others, Duvel and my personal favorite beer, La Chouffe. Now to “unbury” the lead, NIS2 classifies critical (essential) infrastructure, including food production, but Duvel is not on the list (important but not essential: https://ccb.belgium.be/en/nis-2-directive-what-does-it-mean-my-organization#_Toc128118852). For Belgians, I don’t think there is anything more essential than beer production, so a big miss by NIS2 there! ;-)*
All joking aside, it is clear anyone can be a victim of these heinous attacks. Preventative measures can only do so much. You need to incorporate a cyber resiliency approach. If the worst happens, how do you bounce back successfully? So we need to shift our mindset a little here; clearly “why change what works” doesn’t work anymore. We need to focus on getting operational as quickly as possible, as safely as possible.
Building thicker walls hasn't been a great strategy: data breaches and ransomware continue to be a daily occurrence. Backup isn't Cyber Resilience. Ask yourself these questions:
Let's do things differently, even if NIS2 is not forcing us.
*Obvious joke was not obvious enough
Director Audit and Business Consultancy
1 yr
"Now to “unbury” the lead, NIS2 classifies critical infrastructure, including food production, but Duvel is not on the list." What do you mean by Duvel is not on the list? ‘Food’ includes drink, chewing gum and any substance, including water, intentionally incorporated into the food during its manufacture, preparation or treatment (cfr. regulation 178/2002)...
Trusted in a Zero Trust world
1 yr
It's very sad to see/read in your article that prevention is not working... prevention is working and is working very well. What is impossible is to promise 100% prevention (and even there I would suggest you read the latest MITRE report), but it's very doable to raise the bar very high. Cybersecurity is a process :)
As a Tech Enabler I help explain, create , secure and monitor your Infrastructure architectures, from Virtualization and Cloud to Microservices.
1 yr
Interestingly, few people react to the fact that Beyers Coffee - Belgium's biggest coffee roaster - 2 km from Moortgat was also hit. The distance for these two ransomware attacks makes me think someone is using the old dropped USB stick trick.
As a Tech Enabler I help explain, create , secure and monitor your Infrastructure architectures, from Virtualization and Cloud to Microservices.
1 yr
I would say Adolphe Sax (saxophone), Leo Baekeland (Bakelite), Georges Simenon, Jacques Brel, Jean-Claude Van Damme and Georges Lemaitre (both Big Bang).