As many as 60 percent of companies go bankrupt within the first six months of a cyberattack. It is therefore high time that businesses become much more aware of the risks and consequences of attacks. The CyberSecurity Noord-Nederland Program aims to increase that awareness and make concrete knowledge, tools and expertise available to help SMEs secure themselves. “The need to take action is really tremendous,” says project leader Annette Dupree.
To meet challenges related to cybersecurity, the CyberSecurity Noord-Nederland Program was launched as a collaboration between the government and northern knowledge institutions, Rijksuniversiteit Groningen (RUG, the program’s coordinator), Noorderpoort and Hanzehogeschool Groningen, and the CyberSecurity Noord-Nederland Foundation. Dupree, project leader at Hanze University, says: “For SMEs, and we have many of those in the region, the damage caused by cyberattacks is very serious. Within this program we therefore focus specifically on the security of SMEs.”
There is still too little attention being paid to the problem, according to Joris Mellens, lecturer at Hanzehogeschool Groningen and researcher at CyberSecurity Noord-Nederland. “Cybersecurity is generally not seen as very ‘fancy’. It’s not attractive to spend money on it. It doesn’t improve your product and is really not much more than insurance for your business. But just look at the numbers: awareness is needed more than ever.”
Secure passwords and smart devices
On the one hand, the program from CyberSecurity Noord-Nederland focuses on SMEs in the broadest sense and on the tools they can use to improve their digital security. “Actually, all companies benefit from this knowledge. The trick is to offer information in a way that is as comprehensible as possible so that they no longer have to dig through books themselves,” says Mellens. “Think of transferring knowledge in the field of office automation and secure software development. Many cyberattacks can be easily prevented by this.” The program also includes sessions for entrepreneurs to make them aware of the risks while helping them with this kind of easy-to-use advice.
The program also focuses on suppliers of smart devices such as smartwatches, for example, or other devices that are connected to the ‘internet of things (IOT)’. One of the companies that the program contacted to learn more about the application of cybersecurity is Climotion. This company focuses on climate control for large properties in the region. Mellens explains: “They use many IOT devices and have small hubs to control them. They are collecting information to optimize their product and that has to be done securely. We are working with them to find ways to do that safely to then be able to use that knowledge to help other companies further.”
It’s not just technology that’s at the top of the priority list. Just as important is transferring knowledge on a legal level. “The combination of the two in one program is relatively new in the Netherlands,” says Dupree. “In the legal field, there is a lot going on. Think, for example, of questions like ‘Who is liable if things go wrong with the smart devices you sell as a retailer? ‘ Or ‘How is the accessibility of data from medical apps and devices regulated?’ Within the program, research is being done into this. The results will soon be available to entrepreneurs in SMEs.”
Detect as early as possible
Cybercrime does not stand still; new risks are constantly emerging. Besides contributing to awareness and providing tools and practices for mitigating and resolving risks, it is interesting to see what can be done early in the process. Dupree says: “That’s why the program also looks more specifically at how you can build security into the development process. This will not only benefit today’s ICT developers but through education, also the developers of tomorrow and the day after tomorrow.”
The program will also be further developed in the near future when it comes to technology. “We are currently still focusing on detecting vulnerabilities, but in the coming years we want to work further on ‘patching’: automatically solving vulnerabilities and problems in the software,” says Mellens. “That’s going to be quite a challenge. We already have an intern in mind who can work on that.” Students from various intermediate vocational, higher vocational and university education institutions are also involved in the other components of the cybersecurity program.
Tips for your own use
Finally, Mellens offers a few handy tips that, while simple and easy to apply, are still very important. “I’ve done research on attacks on IoT devices and the bulk of them are because passwords are still often too simple. Instead of a short password, go for a phrase. Make sure you use at least 12 to 14 characters.” And here is a second tip that comes in handy while browsing the Internet: “When you log in, for example, to your bank page, pay close attention to the padlock in the top left corner. That lock means that the traffic between you and the website is encrypted, and no one is listening in.”