My Cyber Resilient Business grant for small businesses opens
The 'My Cyber-resilient Business' subsidy scheme will reopen on September 2. Micro and small businesses can receive a subsidy through this scheme for the costs of purchasing and implementing one or more important cyber resilience measures. This year, the Digital Trust Center (DTC) is making a total of €1,000,000 available to lower the financial threshold. Small companies in particular experience this barrier when taking basic measures that increase resilience against cyber attacks.
Cyber resilience in small businesses
Many small companies lag behind in their cyber resilience and do not yet take sufficient basic measures. The fact that a so-called 'cyber resilience gap' is emerging between cyber threats and the measures taken by small companies is confirmed in the Cybersecurity Monitor of Statistics Netherlands and the advice of the Cyber Security Council . Analysis of the data from the CyberSafe Check for self-employed persons and SMEs shows that the top 3 measures already taken consist of antivirus software (76%), backups (74%) and recognizing phishing (68%).
If we divide the answers of almost 10,000 entrepreneurs who completed a cyber scan into the sectors in which they operate, we see differences in the extent to which cybersecurity measures have been taken.
View more data from the CyberSafe Check, with a score per sector for each basic measure.
Incentive for small businesses
With practical information, self-scans and the sharing of experience stories from entrepreneurs who have been affected by a cyber attack, the DTC encourages entrepreneurs to get the basics in order. However, this does not encourage every entrepreneur to improve cybersecurity. The evaluation of the pilot of 'My Cyber Resilient Business' in 2023 shows that a financial incentive ensures that small companies start working on their cyber resilience and move more quickly to purchasing and implementing cyber security measures. That is why the DTC is reopening this subsidy scheme and this time making a larger subsidy budget available.
My Cyber-Resilient Business in short
The subsidy can be applied for by self-employed entrepreneurs and SMEs with a maximum of 50 employees and an annual turnover of up to € 10 million.
Eligible are measures that fall under the following categories:
Secure network access/wifi
Password manager
Two-factor authentication (2FA), two-step verification and multi-factor authentication (MFA)
Patch management
Antivirus software
Set up and test backups
Risk inventory and evaluation (RI&E)
Cyber awareness training
The subsidy amounts to 50% of the costs for purchase or implementation, with a maximum of €1,250 per applicant.
The budget will be distributed in order of receipt of applications until the subsidy budget has been exhausted.
Apply for a subsidy in 3 steps
You can apply for a My Cyber-resilient Business subsidy in three steps. The first step is to know where your company's cybersecurity still falls short. With the CyberSafe Check for self-employed persons and SMEs you can download your own action list (PDF) with…
My Cyber Resilient Business grant for small businesses opens
Getting started with cybersecurity
Do you have no knowledge and experience yet? Then tackle the subject of cybersecurity in a practical and phased manner with the CyberSafe Check for self-employed persons and SMEs . Know within 5 minutes what you need to do today to better protect your company against cyber attacks. Download your own to-do list and get started today with our practical instructions and tips.
DTC shares 20th entrepreneurial story: practical lessons against cybercrime
Today the Digital Trust Center (DTC), part of the Ministry of Economic Affairs (EZ), published its 20th entrepreneurial story in a series in which real companies share their experiences with cybercrime. In the 20th story, the director-owner of Hoppenbrouwers tells how the Kaseya hack led to a impactful ransomware attack on the technology company. The story series aims to warn entrepreneurs about the increasing threat of cyber attacks and provide them with valuable advice to protect themselves.
The entrepreneurial stories provide insight into how companies, ranging from small businesses to medium and large companies, have fallen victim to various forms of cybercrime. The entrepreneurs had to deal with ransomware attacks , fake emails , identity fraud and brute force attacks . The stories highlight not only the impact of the attacks, but also the recovery strategies and preventative measures these companies have taken since then.
The latest entrepreneurial story is about the hack at technical service provider Hoppenbrouwers . Hoppenbrouwers suffered a ransomware attack in the summer of 2021. They were victims of the global Kaseya hack , which infected and encrypted their devices. The ransomware had spread to all booted computers during the afternoon.
For entrepreneurs by entrepreneurs
The recently published TNO research report “Safe digital entrepreneurship – Insight into motivations and barriers through target group segmentation” shows that entrepreneurs can be classified into five different groups based on their attitude towards cyber security. For example, the 'overconfident' and the 'indifferent' have been identified. For these groups, experience stories told by entrepreneurs are more effective in creating awareness. The stories of other entrepreneurs confront these groups of entrepreneurs with the reality of cyber threats and the serious consequences you experience if your company falls victim.
For the overconfident, who often underestimate the risks, stories about similar companies that fell victim can be an eye-opener. These stories help them realize that they too are vulnerable and this motivates them to take additional protective measures.
The indifferent generally have little confidence in the effectiveness of cybersecurity measures. Success stories of entrepreneurs who have managed to prevent or limit cyber attacks through timely and adequate action can be of great influence to them. By sharing these stories, these entrepreneurs can be inspired to take steps to increase their cyber resilience.
Inspiration and activation
Drawing attention to entrepreneurial stories is in line with the recommendations in this study, which emphasizes that customization and the right communication strategies are essential to effectively reach and activate various entrepreneurial target groups.
"By means of…
DTC shares 20th entrepreneurial story: practical lessons against cybercrime
Secure digital business
As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .
Global computer outage after Crowdstrike update
There are several media reports of a global computer outage following an update from cybersecurity company CrowdStrike. Windows computers in particular show a ' Blue screen of death ' (BSOD) / blue screen. This prevents the computers from starting up.
What is going on?
The most recent update of Crowdstrike Agent causes a Blue Screen of Death (BSOD).
Crowdstrike acknowledges the issues and is currently conducting research to resolve the issues.
patch been made available at this time However, a workaround been made available by CrowdStrike, which we share below in the action perspective.
The National Cyber Security Center (NCSC) has confirmed that the workaround provided by CrowdStrike works. This is very labor intensive and must be carried out per system. The NCSC currently has no indication that the situation is the result of actions by malicious parties.
What can you do?
If you have not yet performed the latest update to Crowdstrike agent, we recommend that you do not do so until a verified solution is available. If the systems 'loop crash', it is advisable to take the following steps to perform a manual intervention:
Boot Windows to Safe Mode
Navigate to C:WindowsSystem32driversCrowdStrike directory in Explorer
Locate file “C-00000291-00000000-00000032.sys” file, right click and rename the file to “C-00000291-00000000-00000032.renamed” (the version may differ from your host)
Boot the host
Not sure how to apply this workaround? Then ask your IT service provider for help in carrying out the workaround. The Digital Trust Center (DTC) advises you to follow the NCSC reporting for the latest news.
Global computer outage after Crowdstrike update
Secure digital business
As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .
Severe Vulnerabilities in Cisco Secure Email Gateway
Two vulnerabilities have been fixed in Cisco Secure Email Gateway. This Cisco environment is intended to protect a user's email in the cloud. The vulnerabilities are classified as CVE-2024-20401 and CVE-2024-20429 .
The Cisco vulnerabilities receive a CVSS score of 9.8 (CVE-2024-20401) and a CVSS score of 6.5 (CVE-2024-20429), the vulnerabilities are rated as 'High/High' . This means that both the chance of misuse and the chance of damage are high. So far, Cisco indicates that it is not aware of any exploitation of this vulnerability.
What's the risk?
The most critical vulnerability (CVE-2024-20401) allows an unauthenticated attacker to send an email with a specially prepared (malicious) attachment:
Add users with root rights;
Adjust the device configuration;
Run arbitrary code;
and Cause a permanent Denial of Service (DoS).
The second vulnerability (CVE-2024-20429) concerns a so-called 'Server-Side Template Injection'. This allows an authenticated attacker with 'operator' privileges to remotely execute code with root privileges on the underlying system.
What can I do?
Cisco has released software updates for CVE-2024-20401 and CVE-2024-20429 to address the vulnerabilities. The Digital Trust Center (DTC) recommends implementing the recommended mitigation measures as soon as possible. If necessary, ask your IT service provider to help you with this.
Severe Vulnerabilities in Cisco Secure Email Gateway
Secure digital business
As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .
One in three small businesses doesn't do automatic updates
Secure digital business
As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs or the Basic Cyber Resilience Scan .
One in three small businesses doesn't do automatic updates
Comparison with the Safe Digital Entrepreneurship report
In the recently published TNO research report Safe Digital Entrepreneurship , which provides insight into motivations and barriers of entrepreneurs to take cybersecurity measures, a question was also asked about the application of automatic updates to company equipment and software. To the statement “My company/organization ensures that automatic updating is enabled on equipment and software within the organization.”, 795 respondents from various sectors provided an answer.
It is striking that these data also show that the 'agriculture, forestry, fishing and mineral extraction' sector (60%), followed by the real estate sector (61%), seem to apply this measure least often. The financial services sector also scores relatively high (84%), just as in the CyberSafe Check data.
However, the energy sector scores remarkably higher in the data from the TNO study than in the data from the CyberSafe Check. A possible explanation for this may be that the research groups cannot be fully compared, for example due to differences in company size. The CyberSafe Check is aimed at self-employed people and small SMEs (1-50 employees), where the TNO research has a research group from self-employed persons to large companies (1-400 employees).
The TNO data shows that the companies from the industry and energy sector that participated in the research are significantly underrepresented by self-employed people, and significantly overrepresented by employees with a company size of 50-249 employees. Previous research has shown that larger companies take more cybersecurity measures than smaller companies .