This week IT Europa attended Cyber Security Week in The Hague, an annual event to promote partnerships and business growth in the field of data security. Continuing our coverage, here’s a round-up of this week’s events.
The Hague promotes itself as the “international city of peace and justice”, helped by the fact the International Court of Justice is seated in the Peace Palace here, along with the International Criminal Court (ICC), Europol, Eurojust, the Organisation for the Prohibition of Chemical Weapons (OPCW), and around 160 other international organisations in the field of peace, justice and international law, being located in the city.
It’s probably no surprise therefore that criminals see the city as a prime target for data theft. Russians with diplomatic status were accused of trying to hack the Wi-Fi network of the OPCW in 2018, and the ICC is still recovering after unnamed attackers hacked into its network last month.
The Municipality of The Hague is aware of the threats, which is why it hosts the annual Hack The Hague event as part of Cyber Security Week. This year, the one day event involved about 120 attackers hosted at the local authority’s city centre HQ, and being set the challenge of finding vulnerabilities in the city’s systems, in return for cash prizes. The competition was sponsored by Trend Micro, Darktrace, KPN and BDO, among others.
Before the day’s 4pm deadline, Jeroen Schipper, chief information security officer of The Hague, said 50 vulnerabilities had already been found, with the likes of Darktrace aiming to fix them as soon as possible after their discovery. Six of the vulnerabilities were deemed “serious”.
Schipper said: “We have over 700 applications to manage and patch on-prem and in the cloud, so it’s a useful exercise.”
Regarding the recent ICC hack, he said: “We jumped in to help with other organisations, but I don’t know whether they have fully recovered from the attack yet.”
IT Europa also sat down with Hans de Vries, director for Holland’s National Cyber Security Center, who had just spoken at the city’s annual ONE Conference for cyber security.
On the event, he said: “We have no marketing here, it’s not an RSA with 45,000 people and full of booths with people saying ‘buy my product and save the world’, we know that’s BS.”
He had a few cyber security tips when it comes to dealing with attacks:
-Make sure you have the right contacts stored for mitigating attacks, as they can change without you knowing
-Have a crisis management plan both in digital form and on paper, if your system is down you might not be able to access it off paper
-Being in the cloud can be safer than being on-prem – if it’s bombed you don’t have access to it
-Governments often move slower than private companies, who are more adaptable – public/private ties should be strengthened
-Two-factor authentication helps a lot. Those who have it are better protected as hackers quickly move onto the next target that doesn’t have it, as they can’t be bothered to work out the next stage of the attack
