Cybercrime: A ticking time bomb

Cybercrime is hot. While most companies are aware of the risks of a cyberattack, concrete action plans are rather rare. How do you deal with cybersecurity? How do you create awareness within your team? And what to do when faced with a cyberattack? 

In 2022, a total of 39.8 million euros was captured by phishers, which is an increase compared to the previous year (2021: 25 million euros)*. While most companies are aware of the risks of a cyberattack, concrete action plans are rather rare. How do you deal with cybersecurity? How do you create awareness within your team? And what to do when faced with a cyberattack?

In the context of European Cyber Security Month, we delve into some cases of companies that have recently become victims of cybercrime.

* Source: Don’t be fooled by a ‘phish’ (Febelfin.be)

Beveilig de dagelijkse back-ups

A brute force cyberattack

A meat processing SME’s cybersecurity was tested by a brute force attack in 2019. For months, hackers tried to crack passwords and access the company’s servers by using advanced algorithms. Until one day, all their machines and their e-commerce platform shut down.

The company heavily relies on the software it had developed, such as orders, intranets, the personnel platform and the network for clocking in and out. Moreover, 70% of sales takes place online. So the consequences were significant. E-commerce was down and a large part of the staff became temporarily unemployed, resulting in hours of backlog on the production lines.

As soon as the IT department sensed trouble, they immediately shut down all servers and secured daily backups as a preventive measure, even before they were sure it was a cyberattack. In retrospect, this turned out to be a good reflex, as it allowed them to nip the worst consequences of the crisis in the bud.

Communiceer effectief over een cyberaanval

Hackers often hide in a small corner

Even global players are not immune. An international company specializing in forklift parts fell victim to a ruthless ransomware attack. Despite high security, cybercriminals were still able to slip through the cracks. The company website and internal communications were disrupted, making online orders impossible.

Both local and international divisions of the company were affected. Moreover, companies that make intensive use of the company's products were indirect victims. Employees were temporarily unemployed. Only three weeks after the attack, one could once again place orders, albeit manually via email.

Due to the impact and consequences for the company and their customers, the media picked up on the matter. From the beginning, the company communicated effectively about the attack, with regular updates to avoid misinformation. Now, the company is working with an external expert for maximum security.

They could also count on a lot of external support. Where a cyberattack used to be embarrassing, today it is seen as something that can happen to anyone. Thanks to the support and open communication, they were able to manage the crisis well.

What can we learn from these incidents?

Put the procedures in place

The very first step is to define the procedures. Decide who is on the crisis management team and what steps to take in the event of a cyberattack. In doing so, also consider internal and external communication. What are the alternatives to email, landlines, online meeting tools ...? How do you communicate with customers, employees, suppliers ...? Make sure you have a hard copy of your crisis manual and an up-to-date incident response plan.

Train your employees

Create sufficient awareness within the team: train your employees to recognise phishing messages and share knowledge on current cyber threats. Also implement thorough cyber hygiene: keep systems up-to-date, use strong passwords and implement multi-factor authentication (MFA).

The Safeonweb awareness campaign of the CCB (Center for Cybersecurity Belgium) is all about phishing this year. The CCB developed a Safeonweb browser extension that indicates whether a website is trustworthy or not. You can download the extension at Safeonweb.be.

Some tools launched by the CCB in recent years:

• Test yourself with “How safe are you?

Pick reliable partners and detection tools

Regular backups and advanced monitoring are critical to detect suspicious activity early on. For this, you might work with an external party to equip yourself with the latest software.

Involve this partner in advance, do not wait until disaster strikes. An independent IT expert can take a critical look at your systems and identify critical issues:

  • The security of the physical location of the servers
  • Limited access to networks through segmentation
  • The security of the Operational Technology Systems (OT) and the confidentiality of the IT infrastructure
  • ...

Furthermore, cyber insurance is no unneccessary luxury.

Take the lead in communicating

Include communication to the media in your incident response plan as well. A well-developed plan is essential to act quickly and effectively in the event of a cyberattack. 

When your company falls victim, communicate openly and transparently from the beginning to remain the first source of information. Do not wait for the case to be picked up by the media, as you risk the story taking on a life of its own.

Take your first step today

This year, the CCB launched their Safeonweb Browser Extension. This allows you to see in an instant whether a website is safe to use.

Did you receive a suspicious message? Forward it to suspicious@safeonweb.be. Forwarded messages are automatically checked for links and attachments. After the scan, the CCB blocks fake URLs.

Do a cybersecurity exercise

Cybersecurity is a part of your company's crisis management culture. You can improve this with Food Security's simulation test. Simulate a hacking and find out how well your IT service and CMT are aligned.

More information on a simulation

Learn from experienced food industry companies and cyber experts

What is the impact on a food company when its digital security falls short? On Tuesday 14/11, Flanders' FOOD organizes their 7th free TRANSFORMers event, Cybersecurity4Food, at which Food Security will be present as a speaker. Together with several experts, we will share our vision on cyber security in the food industry at this seminar.

Reserve your spot

Learning points

March 2024
Eerste hulp bij consumentenklachten
First Line
Complaint

First aid for consumer complaints

When receiving a sensitive consumer complaint, a swift response is key. Proper complaint management directly affects consumer confidence in your brand and products.

Read more
March 2024
Ransomware en het (b)rouwproces
Cyber security

Guest article: Ransomware and the brewing process

A cyber crisis has long been a distant concern for many companies. Today, cybersecurity should be one of their top priorities. Every company is vulnerable, whether multinational...

Read more
February 2024
Een levendige veiligheidscultuur: jouw geheim wapen tegen crisissituaties
Crisis management
Cyber security
HR

A vibrant security culture: your secret weapon against crisis situations

Investing in a strong security culture is the best way to arm your company against internal and external threats. It is therefore crucial that your company recognizes risks at a...

Read more

Ready to reinforce your company against a crisis?

We offer you an external and objective view on the facts 24/7, including an evaluation of the situation and advice on how to handle it.

Creating a crisis management culture
Tailor-made training courses and tests
24/7 crisis support