"If you want your phone to be 100% safe, you have to smash and burn it. But then it's not really usable any more, of course. So as a Security Officer you have to constantly find the balance between optimal security and workability for colleagues."
Ron Feddema is Chief Information Security Officer at Vencomatic Group. He sees the importance of his position increasing considerably with the recent rise in the number of hacks. "It's not a question of if, but when it will be our turn. I have to admit that sometimes it keeps me awake."
"There is an increase in hacks, where often company data is encrypted by criminals who then ask for a ransom. The recent hack at IT company Kaseya had a particularly strong impact, as their software is used by many companies to remotely control computers. Apparently a hacker had discovered a leak with which they could infect 1500 Kaseya customers. That's how fast things move nowadays."
"So an IT service provider can pose risks, but you have to be especially alert to so-called 'supply chain hacks'. Because if a supplier is hacked, he may not be able to deliver, and a customer may not be able to buy. Hackers look for the weakest link in the supply chain. As Vencomatic Group, we want to make sure that we are not that link. But we also help customers and suppliers with their awareness."
"Indeed it is. You can technically solve a lot with filters and firewalls, but people are the last link if the technology fails. We cannot emphasise this enough. Our main task is therefore to raise awareness of the dangers, for example by showing powerful examples. This is not just about clicking on files in 'phishing mails', but also, for example, an infected USB stick being inserted into a business laptop."
"Because awareness is so important, we have mandatory periodic training for all employees with computers, and new employees receive more extensive training. We occasionally send around a 'malicious' email and see how employees react to it."
"We are also affiliated to various groups dealing with cyber security, such as Brainport's Cyber Resilience Centre. From this centre we are also working on a certification system, so that as a company you can get a 'quality stamp' for your approach. I regularly meet with similar companies to discuss cases and learn from each other. You can't do this on your own anymore."
"I actually rolled into it slowly. I started doing more and more information security. When a colleague left, I took over his role in information security and from there I started to specialise more and more in cybersecurity. I find it particularly challenging to get that big stone rolling, to make sure the subject is considered important. You often take two steps forward and one step back, but the important thing is that there is movement."
"Of course, the business must be able to continue working. You have to find the right balance. Cybersecurity is often seen as the NO camp, but you have to make the right trade-offs. The ultimate goal is to reduce the risk to an acceptable level."
"Vencomatic Group's products also include more and more automation, so we secure the information security already in the development process. We map out the risks, also for the customer, and include them in the design. Customers still often work with old systems, so if you want to link them to new systems you have to be very careful."
"But the biggest danger in cybersecurity remains 'phishing', an email that wants to inspire confidence but then tries to install malicious software. That is actually the biggest concern, so we keep reminding colleagues to stay alert. That is how we can prevent the worst."