Management column: cyber resilience across the chain
November 8, 2023
In this series of columns, we give the floor to directors and managers of Royal FloraHolland.
This time our CIO André van der Linden and Chief Information Security Officer, Bas Wevers discuss cyber resilience. It is important to make the floriculture industry more digitally resilient. That is why we are one of the initiators of the Cyber Resilience Centre Greenport. From this also comes the free RFH cyber subscription, through which we support growers and buyers with practical tools and expertise in their digital resilience.
Dutch people feel less safe online than on the streets. Statistics Netherlands (CBS) estimates that 2.2 million people will have become victims of cybercrime by 2022. In the horticultural sector, one in five entrepreneurs is a victim. Those figures do not show what happened to people. What is clear is that this is a major social problem. Yet we have hardly seen this topic mentioned in the context of the upcoming elections. Among politicians, we mostly see concerns about privacy, an open and secure internet and the dangers of AI technology.
In conversations with growers and buyers, we notice that the number of incidents is clearly increasing. That includes successful attempts, with the entrepreneur bemoaning afterwards that it happened to him or her. We see a sharp increase in spear phishing in particular. Criminals send personalised e-mails or requests based on extensive research on social media to their intended targets. Using this information, they trick their victims into thinking they are receiving a legitimate e-mail or invoice, for example. The cases we came across involved payments in the order of 100,000 euros. The gmail address used might differ by only one letter and the bank account is in a far-off foreign country. The scam can be prevented by a call to the already known number of the existing relationship.
Phishing
Cybercriminals use a range of methods besides the aforementioned 'spear phishing'. One method that regularly makes the news is ransomware, where your computer system is hijacked and you can no longer access anything. A ransom is then demanded. The advice from the police is invariably not to pay. The KNVB was recently a victim and it paid anyway. The criminals threatened to spread confidential information about professional footballers. The dilemma is clear. It is preventable by immediately taking the right measures to recover from a ransomware attack.
The examples show well why we talk about cyber resilience rather than cyber security or digital safety. The latter may suggest that it is mainly about taking measures at the level of IT systems, such as installing anti-virus programmes. In cyber resilience, the role of humans comes much more to the fore. Indeed, in practice, the biggest vulnerability is posed by humans. By clicking on a file in a phishing e-mail, the director or one of his employees gives criminals access to the system. Another risk is granting remote access to too large a group of people or, for convenience, giving a remote supplier access to the entire system. If the door is open to him, it is a route for criminals to try to break in.
Awareness and knowledge
People really are the weakest link. If at all possible, they choose the simplest password possible, share an account with colleagues in the department for convenience, grumble about the use of multi-factor authentication (MFA) or complain when they are forced to change the password. That weakest link is probably also the reason why 75 per cent of companies have experienced cybercrime to a greater or lesser extent. From Royal FloraHolland, we very emphatically see a responsibility towards the entire floriculture chain, especially towards our members. We want to make the entire chain and all parties involved more resilient.
With this in mind, we have co-initiated the creation of the Cyber Resilience Centre Greenport. This club focuses on strengthening the digital resilience of companies, especially in the greenhouse horticulture sector. Together with other parties, we work on awareness and knowledge. In cooperation with the Cyber Resilience Centre, we are introducing an RFH Cyber subscription for our supporters. We are doing this to help growers and buyers on their way to digital resilience.
The RFH cyber subscription includes:
André van der Linden and Bas Wevers
André is CIO and Bas is Chief Information Security Officer
Growers and buyers can sign up for the Royal FloraHolland Cyber subscription for free.
Royal FloraHolland - Cyber Resilience Centre Greenport (cwgreenport.nl) (in Dutch)
Or read more about our initiatives for a digitally secure marketplace on our website:
Royal FloraHolland | A digitally secure marketplace
Dutch people feel less safe online than on the streets. Statistics Netherlands (CBS) estimates that 2.2 million people will have become victims of cybercrime by 2022. In the horticultural sector, one in five entrepreneurs is a victim. Those figures do not show what happened to people. What is clear is that this is a major social problem. Yet we have hardly seen this topic mentioned in the context of the upcoming elections. Among politicians, we mostly see concerns about privacy, an open and secure internet and the dangers of AI technology.
In conversations with growers and buyers, we notice that the number of incidents is clearly increasing. That includes successful attempts, with the entrepreneur bemoaning afterwards that it happened to him or her. We see a sharp increase in spear phishing in particular. Criminals send personalised e-mails or requests based on extensive research on social media to their intended targets. Using this information, they trick their victims into thinking they are receiving a legitimate e-mail or invoice, for example. The cases we came across involved payments in the order of 100,000 euros. The gmail address used might differ by only one letter and the bank account is in a far-off foreign country. The scam can be prevented by a call to the already known number of the existing relationship.
Phishing
Cybercriminals use a range of methods besides the aforementioned 'spear phishing'. One method that regularly makes the news is ransomware, where your computer system is hijacked and you can no longer access anything. A ransom is then demanded. The advice from the police is invariably not to pay. The KNVB was recently a victim and it paid anyway. The criminals threatened to spread confidential information about professional footballers. The dilemma is clear. It is preventable by immediately taking the right measures to recover from a ransomware attack.
The examples show well why we talk about cyber resilience rather than cyber security or digital safety. The latter may suggest that it is mainly about taking measures at the level of IT systems, such as installing anti-virus programmes. In cyber resilience, the role of humans comes much more to the fore. Indeed, in practice, the biggest vulnerability is posed by humans. By clicking on a file in a phishing e-mail, the director or one of his employees gives criminals access to the system. Another risk is granting remote access to too large a group of people or, for convenience, giving a remote supplier access to the entire system. If the door is open to him, it is a route for criminals to try to break in.
Awareness and knowledge
People really are the weakest link. If at all possible, they choose the simplest password possible, share an account with colleagues in the department for convenience, grumble about the use of multi-factor authentication (MFA) or complain when they are forced to change the password. That weakest link is probably also the reason why 75 per cent of companies have experienced cybercrime to a greater or lesser extent. From Royal FloraHolland, we very emphatically see a responsibility towards the entire floriculture chain, especially towards our members. We want to make the entire chain and all parties involved more resilient.
With this in mind, we have co-initiated the creation of the Cyber Resilience Centre Greenport. This club focuses on strengthening the digital resilience of companies, especially in the greenhouse horticulture sector. Together with other parties, we work on awareness and knowledge. In cooperation with the Cyber Resilience Centre, we are introducing an RFH Cyber subscription for our supporters. We are doing this to help growers and buyers on their way to digital resilience.
The RFH cyber subscription includes:
- Regular cyber updates:
Stay informed with eight cyber update newsletters from the Cyber Resilience Centre Greenport. Receive important updates and stay alert to developments in cybersecurity. Learn from practical stories and background articles (free).
- Practical tools: Get access to practical tools designed to increase your cyber resilience. Protect your business against digital threats (free for members)
- Threat intelligence:
Receive regular overviews of threat information so you can proactively respond to potential threats (free).
- Exclusive events:
As a subscriber, you can participate in an annual event at Royal FloraHolland. Think crisis exercises or inspiring cybercafés. You will learn from experts and the network (free of charge).
- Offers:
Benefit from a collective offer for various services and services that take your cyber security to a higher level. Think antivirus software and monitoring services at attractive rates (paid).
Cybercrime is unfortunately a growing market. Cyber resilience and cybersecurity are top priorities for us. We are succeeding well in keeping criminals out of our marketplace. We wish the same for our members and customers. Hence this initiative. Take advantage of it before you regret not doing it.
André van der Linden and Bas Wevers
André is CIO and Bas is Chief Information Security Officer
Growers and buyers can sign up for the Royal FloraHolland Cyber subscription for free.
Royal FloraHolland - Cyber Resilience Centre Greenport (cwgreenport.nl) (in Dutch)
Or read more about our initiatives for a digitally secure marketplace on our website:
Royal FloraHolland | A digitally secure marketplace
-
Did you find this interesting?
Then share this article
-
Related articles
