Ewald Coenraad
More and more companies have come to realise that cybercrime can pose a serious threat to the organisation, and in the worst case lead tobankruptcy. Just think of the nightmare of ransomware in your company. Knowing where you stand as a company, good preparation, technical measures and an elaborated scenario for when things unexpectedly go wrong are the keys to success in cyber security. The Cyber Resilience Team knows exactly what to do and helps companies in the industry to increase their cyber resilience.
More attention is needed for the digital resilience of high-risk companies. A number of companies are already putting cyber security into practice, but a large proportion are not paying enough attention to it. This is evident from a recently published report by DCMR. The results of the report fit the imagethat I have gottenover the past years,' says Ewald Coenraad. He is a cyber security expert inthe Cyber Resilience Team. He still sees that many industrial companies assume that their OT (the operating systems of the installations) are separate from the office IT and the internet.
Undetected internet connections
In many cases, however, connections between the OT and the internet go unnoticed,' says Ewald. These are established, for example, because a supplier has installed a temporary or permanent connection to the internet during the construction of the installation, for testing or maintenance purposes. Sometimes people forget to inform IT about the connections. When a company asks me to develop a plan of action for cyber resilience, I therefore always start with a maturity check (how resilient is the company really) and in many cases I discover connections between the OT and the Internet that the client was not yet aware of.'
"What works for you?" 
This was also the case in a recent assignment for a large tank terminal in Rotterdam's Botlek area. In consultation with the client we examined the entire company, identified all the necessary improvementsand implemented them,' says Ewald. It always starts with knowing exactly where you stand in terms of resilience. Then you choose the solution thatworks for you. I think it's important to offer a customised solution. Clients are not usually keen on having the whole IT system 'locked down'; after all, they still have to be able to work as usual. That's why, together with the client, you have to find the balance between security and workability. With a good backup system - preferably several at different physical locations - you can prevent a lot of trouble, for example.
Working from home
The explosive increase in working from home during the covid pandemic also has an impact on cyber resilience. Employees log into their company systems, but through their own home connection, which is not always very secure. That's certainly a consideration you have to take into account in your plan of approach,' says Ewald. Setting up a Business Continuity Plan, of which the back-up plan is an important part, is necessary for all companies, large or small.
Raising awareness across the sector
With a view to the somewhat smaller companies, Ewald recently shared his expertise at an iTanks Pitch Breakfast, a breakfast meeting for companies in the Rotterdam port area. The target group there mainly consisted of suppliers to the larger industrial companies. I wanted to make clear to them that they too must prepare themselves. If their customers want to increase their cyber security, that means they also have to tackle the vulnerabilities in their supply chain. After all, a hack of a supplier can still harm those end customers. In other words: if the larger industrial companies start taking serious measures, it won't be long before they also start imposing stricter requirements on their (smaller) suppliers in this area. This awareness must therefore increase throughout the sector. Cyber Resilience Team can also provide support here.
Want to know more?
Take a look at https://cr-team.eu for tips & tricks, current affairs, or request an informal meeting. To view the DCMR report, click here. In October and November, the government will be holding various free webinars on cyber security. Keep an eye on this website: https://www.weerbaredigitaleoverheid.nl/.