Tag: Digital Trust Center

The 'My Cyber-resilient Business' subsidy scheme will reopen on September 2. Micro and small businesses can receive a subsidy through this scheme for the costs of purchasing and implementing one or more important cyber resilience measures. This year, the Digital Trust Center (DTC) is making a total of €1,000,000 available to lower the financial threshold. Small companies in particular experience this barrier when taking basic measures that increase resilience against cyber attacks.

Cyber ​​resilience in small businesses

Many small companies lag behind in their cyber resilience and do not yet take sufficient basic measures. The fact that a so-called 'cyber resilience gap' is emerging between cyber threats and the measures taken by small companies is confirmed in the Cybersecurity Monitor of Statistics Netherlands and the advice of the Cyber ​​Security Council . Analysis of the data from the CyberSafe Check for self-employed persons and SMEs shows that the top 3 measures already taken consist of antivirus software (76%), backups (74%) and recognizing phishing (68%).

If we divide the answers of almost 10,000 entrepreneurs who completed a cyber scan into the sectors in which they operate, we see differences in the extent to which cybersecurity measures have been taken.

View more data from the CyberSafe Check, with a score per sector for each basic measure.

Incentive for small businesses

With practical information, self-scans and the sharing of experience stories from entrepreneurs who have been affected by a cyber attack, the DTC encourages entrepreneurs to get the basics in order. However, this does not encourage every entrepreneur to improve cybersecurity. The evaluation of the pilot of 'My Cyber ​​Resilient Business' in 2023 shows that a financial incentive ensures that small companies start working on their cyber resilience and move more quickly to purchasing and implementing cyber security measures. That is why the DTC is reopening this subsidy scheme and this time making a larger subsidy budget available.

My Cyber-Resilient Business in short

The subsidy can be applied for by self-employed entrepreneurs and SMEs with a maximum of 50 employees and an annual turnover of up to € 10 million.
Eligible are measures that fall under the following categories:
Secure network access/wifi
Password manager
Two-factor authentication (2FA), two-step verification and multi-factor authentication (MFA)
Patch management
Antivirus software
Set up and test backups
Risk inventory and evaluation (RI&E)
Cyber ​​awareness training

The subsidy amounts to 50% of the costs for purchase or implementation, with a maximum of €1,250 per applicant.
The budget will be distributed in order of receipt of applications until the subsidy budget has been exhausted.

Apply for a subsidy in 3 steps

You can apply for a My Cyber-resilient Business subsidy in three steps. The first step is to know where your company's cybersecurity still falls short. With the CyberSafe Check for self-employed persons and SMEs you can download your own action list (PDF) with…

Getting started with cybersecurity

Do you have no knowledge and experience yet? Then tackle the subject of cybersecurity in a practical and phased manner with the CyberSafe Check for self-employed persons and SMEs . Know within 5 minutes what you need to do today to better protect your company against cyber attacks. Download your own to-do list and get started today with our practical instructions and tips.

Today the Digital Trust Center (DTC), part of the Ministry of Economic Affairs (EZ), published its 20th entrepreneurial story in a series in which real companies share their experiences with cybercrime. In the 20th story, the director-owner of Hoppenbrouwers tells how the Kaseya hack led to a impactful ransomware attack on the technology company. The story series aims to warn entrepreneurs about the increasing threat of cyber attacks and provide them with valuable advice to protect themselves.

The entrepreneurial stories provide insight into how companies, ranging from small businesses to medium and large companies, have fallen victim to various forms of cybercrime. The entrepreneurs had to deal with ransomware attacks , fake emails , identity fraud and brute force attacks . The stories highlight not only the impact of the attacks, but also the recovery strategies and preventative measures these companies have taken since then.

The latest entrepreneurial story is about the hack at technical service provider Hoppenbrouwers . Hoppenbrouwers suffered a ransomware attack in the summer of 2021. They were victims of the global Kaseya hack , which infected and encrypted their devices. The ransomware had spread to all booted computers during the afternoon.

For entrepreneurs by entrepreneurs

The recently published TNO research report “Safe digital entrepreneurship – Insight into motivations and barriers through target group segmentation” shows that entrepreneurs can be classified into five different groups based on their attitude towards cyber security. For example, the 'overconfident' and the 'indifferent' have been identified. For these groups, experience stories told by entrepreneurs are more effective in creating awareness. The stories of other entrepreneurs confront these groups of entrepreneurs with the reality of cyber threats and the serious consequences you experience if your company falls victim.

For the overconfident, who often underestimate the risks, stories about similar companies that fell victim can be an eye-opener. These stories help them realize that they too are vulnerable and this motivates them to take additional protective measures.

The indifferent generally have little confidence in the effectiveness of cybersecurity measures. Success stories of entrepreneurs who have managed to prevent or limit cyber attacks through timely and adequate action can be of great influence to them. By sharing these stories, these entrepreneurs can be inspired to take steps to increase their cyber resilience.

Inspiration and activation

Drawing attention to entrepreneurial stories is in line with the recommendations in this study, which emphasizes that customization and the right communication strategies are essential to effectively reach and activate various entrepreneurial target groups.

"By means of…

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .

There are several media reports of a global computer outage following an update from cybersecurity company CrowdStrike. Windows computers in particular show a ' Blue screen of death ' (BSOD) / blue screen. This prevents the computers from starting up.

What is going on?

The most recent update of Crowdstrike Agent causes a Blue Screen of Death (BSOD).
Crowdstrike acknowledges the issues and is currently conducting research to resolve the issues.
patch been made available at this time However, a workaround been made available by CrowdStrike, which we share below in the action perspective.

The National Cyber ​​Security Center (NCSC) has confirmed that the workaround provided by CrowdStrike works. This is very labor intensive and must be carried out per system. The NCSC currently has no indication that the situation is the result of actions by malicious parties.

What can you do?

If you have not yet performed the latest update to Crowdstrike agent, we recommend that you do not do so until a verified solution is available. If the systems 'loop crash', it is advisable to take the following steps to perform a manual intervention:

Boot Windows to Safe Mode
Navigate to C:WindowsSystem32driversCrowdStrike directory in Explorer
Locate file “C-00000291-00000000-00000032.sys” file, right click and rename the file to “C-00000291-00000000-00000032.renamed” (the version may differ from your host)
Boot the host

Not sure how to apply this workaround? Then ask your IT service provider for help in carrying out the workaround. The Digital Trust Center (DTC) advises you to follow the NCSC reporting for the latest news.  

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .

Two vulnerabilities have been fixed in Cisco Secure Email Gateway. This Cisco environment is intended to protect a user's email in the cloud. The vulnerabilities are classified as CVE-2024-20401 and CVE-2024-20429 .

The Cisco vulnerabilities receive a CVSS score of 9.8 (CVE-2024-20401) and a CVSS score of 6.5 (CVE-2024-20429), the vulnerabilities are rated as 'High/High' . This means that both the chance of misuse and the chance of damage are high. So far, Cisco indicates that it is not aware of any exploitation of this vulnerability.

What's the risk?

The most critical vulnerability (CVE-2024-20401) allows an unauthenticated attacker to send an email with a specially prepared (malicious) attachment:

Add users with root rights;
Adjust the device configuration;
Run arbitrary code;
and Cause a permanent Denial of Service (DoS).

The second vulnerability (CVE-2024-20429) concerns a so-called 'Server-Side Template Injection'. This allows an authenticated attacker with 'operator' privileges to remotely execute code with root privileges on the underlying system.

What can I do?

Cisco has released software updates for CVE-2024-20401 and CVE-2024-20429 to address the vulnerabilities. The Digital Trust Center (DTC) recommends implementing the recommended mitigation measures as soon as possible. If necessary, ask your IT service provider to help you with this.

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .

 Although the data from the CyberSafe Check does not come from a scientific study, the high response rate can provide insight into the behavior surrounding the execution of automatic updates in the various sectors. The CyberSafe Check tool had to be completed last year by, among others, small companies that wanted to use the My Cyber-resilient Business subsidy .

The recently published CBS Cybersecurity Monitor shows that companies that are more involved with ICT or have a major interest in securing their data, such as the ICT sector or the financial sector, generally take more basic measures than companies in sectors where this seems less important. The CBS Cybersecurity Monitor has not published any figures about companies' update policies after 2020.

Information and communications sector most often sets automatic updates

The 'information and communications' sector most often reports having automatic updates set up on all internet-connected devices. Nearly three-quarters (73%) of entrepreneurs in this sector have set up automatic updates. Entrepreneurs in the 'business services' and 'financial services' industries also score relatively high on this at 66%.

Agriculture, forestry and fishing sectors are the least likely to set automatic updates

Entrepreneurs in the 'agriculture, forestry and fishing' sector are the least likely to set up automatic updates. Just over half of this sector (55%) has done this, followed by the sectors 'real estate' (57%) and 'industry and energy' and 'trade, transport and catering' (both 58%).