NIS2 has failed already!


An often-heard, maybe slightly denigrating, question when it comes to Belgium is “Oh yeah? Name a famous Belgian…”

But one thing we can all agree on is that Belgium is well known for its excellent beers (and chocolate, and Belgian fries). One of the more famous ones is Duvel, a Belgian Pale Strong Ale style beer brewed by Brewery Duvel Moortgat in Breendonk-Puurs. Tourists sometimes struggle with it, because although it is fine and sweet with a very clean flavor, its alcohol percentage can sneak up on you fast.

Another thing Belgians are famous for is our laissez-faire attitude. I sometimes (too many times) hear “ach doe maar gewoon, dat is al gek genoeg” meaning “let’s not do too many things out of the ordinary”. Usually it refers to personal behavior, but it is often a bit of a corporate mindset as well. Sometimes this leads to “doing things like we’ve always done them” or “why change what works?”

A few days ago, the Duvel Moortgat brewery was a victim of ransomware and had to halt production of, among others, Duvel and my personal favorite beer, La Chouffe. Now to “unbury” the lead: NIS2 classifies critical (essential) infrastructure, including food production, but Duvel is not on the list (important but not essential: https://ccb.belgium.be/en/nis-2-directive-what-does-it-mean-my-organization#_Toc128118852). For Belgians, I don’t think there is anything more essential than beer production, so a big miss by NIS2 there! ;-)*

All joking aside, it is clear anyone can be a victim of these heinous attacks. Preventative measures can only do so much. You need to incorporate a cyber resiliency approach. If the worst happens, how do you bounce back successfully? So we need to shift our mindset a little here: clearly, “why change what works” doesn’t work anymore. We need to focus on getting operational as quickly as possible, as safely as possible.

Building thicker walls hasn't been a great strategy; data breaches and ransomware continue to be a daily occurrence. Backup isn't cyber resilience. Ask yourself these questions:

  • Are your backup infrastructure and data 100% immutable?
  • How do you know what was encrypted if EDR is bypassed?
  • What sensitive data was on the network and at risk of exfiltration?
  • How quickly can you find a clean recovery point and not re-infect your production environment?
  • How do you automate recovery, reduce downtime, test and prove it actually works?

Let's do things differently, even if NIS2 is not forcing us.

*Obvious joke was not obvious enough

Jan De Bondt

Director Audit and Business Consultancy

1 year ago

"Now to “unbury” the lead, NIS2 classifies critical infrastructure, including food production, but Duvel is not on the list." What do you mean by Duvel is not on the list? ‘Food’ includes drink, chewing gum and any substance, including water, intentionally incorporated into the food during its manufacture, preparation or treatment (cfr. regulation 178/2002)...

Olivier Menil

Trusted in a Zero Trust world

1 year ago

It's very sad to see/read in your article that prevention is not working .... prevention is working and is working very well. What is impossible is to promise 100% prevention (and even there I would suggest you read the latest MITRE report), but it's very doable to raise the bar very high. Cybersecurity is a process :)

Alain Geenrits

As a Tech Enabler I help explain, create, secure and monitor your Infrastructure architectures, from Virtualization and Cloud to Microservices.

1 year ago

Interestingly, few people react to the fact that Beyers Coffee - Belgium's biggest coffee roaster - 2 km from Moortgat was also hit. The distance between these two ransomware attacks makes me think someone is using the old dropped USB stick trick.

Alain Geenrits

As a Tech Enabler I help explain, create, secure and monitor your Infrastructure architectures, from Virtualization and Cloud to Microservices.

1 year ago

I would say Adolphe Sax (saxophone), Leo Baekeland (Bakelite), Georges Simenon, Jacques Brel, Jean-Claude Van Damme and Georges Lemaitre (both Big Bang).
