Many SMEs do not have their resilience against cyber attacks in order. The Cybersecurity Center Manufacturing Industry (CCM) provides resilience analyses in the East of the Netherlands to help small to medium-sized enterprises improve their resilience. Liesbeth Holterman, project leader CCM, explains during the online knowledge week Industrial Cyber Security more about this initiative.
By: Dimitri Reijerman
Holterman is affiliated with the CCM as a cyber security expert. She explains how they came into being: “We are an organization that falls under the Novel-T foundation. The goal of the CCM is to have cyber security land in the eastern Netherlands. We came into being two years ago because the knowledge sharing about cyber security within the non-vital business community was lagging behind. The central government also made money available to set up so-called 'resilience centers'. We at the CCM received money from the RVO for this.”
According to Holterman, there is still a lot of work to be done at the base to raise the resilience level of Dutch businesses to a higher level. “There is still a lot of mission work to be done to put cyber security on the map within SME manufacturing companies,” she says. “But there are also plenty of companies that experience a cyber incident and wonder how they can prevent it the next time. We offer entrepreneurs a risk assessment specially developed for entrepreneurs who deal with both IT and OT security.”
She continues: “We have developed a cybersecurity quick scan for this. This is a risk assessment that is carried out by one of the cybersecurity experts we work with. They will spend a day examining the company on numerous facets of cybersecurity. In addition to a bit of governance, such as legislation & regulations, this specifically involves both the IT and OT environments. For example, how does a company deal with portable media, such as the use of USB sticks in production environments? But we also look at the management measures around IT and OT.”
The chosen form of the quick scans of the CCM, a visit to SME companies in the manufacturing industry and conducting interviews, makes it different from regular cyber security audits: “We do not do pen tests; a quick scan is made based on interviews with various employees within a company: from product manager and management to external suppliers of IT services. Afterwards you will receive a customized report in which it is indicated per component where steps are needed. The reports are accessible and therefore intended for the 'unconscious, incompetent entrepreneur'.”
Due to the corona crisis, work at the CCM was also on the back burner at the beginning of this year, but entrepreneurs are now starting to pay more attention to the quick scans again, says Holterman: “Due to the corona pandemic, everything came to a virtual standstill from March because physical visits were not possible. We can now also perform the scan digitally and remotely. We have now helped thirty companies and three to four are added every month.”
During the webinar that Holterman during the online knowledge week Industrial Cyber Security, she wants to go back to the basics for good resilience: “Many lectures are probably intended for an audience that already knows a bit more about cybersecurity. My lecture is about the basic measures and the experiences of entrepreneurs who have performed the cybersecurity quick scan. We often forget the importance of patching, network segmentation and a virus scanner in the OT environment, for example. That is what I want to talk about. Because sometimes we are too inclined to skip too many steps and forget the basic steps.”
Nederlands