Sergii Figurnyi - Fotolia
After the terrorist attacks in Brussels and Zaventem, Belgium’s physical security has been labelled inadequate and in urgent need of improvement. But what about cyber security and cyber threats? Is Belgium a “failed digital state”?
There is some good news for the country’s cyber security. Belgium is one of the countries least affected by online banking trojans.
And there is a very good reason for that, according to Eddy Willems, security evangelist at Gdata Software. “Most Belgian banks use advanced authentication system, which makes it more difficult for cyber criminals to obtain the required authentication details to get entrance to the victim’s bank account,” he said.
Willems added that because there are easier targets in other countries, Belgium’s bank customers are generally left in peace. He listed the UK, France and the US among countries where banks generally use a less secure authentication process.
Not such good news for Belgium is that it and the other Benelux countries, the Netherlands and Luxembourg, have seen a dramatic increase in the number of ransomware incidents. More incidents have been reported in February 2016 alone than in the last six months of 2015, according to research by security supplier Trend Micro.
The number of ransomware incidents has increased worldwide, but – for a yet unknown reason – the Benelux countries have suffered more than usual. Some 6% of the incidents reported worldwide were located in the Benelux region, whereas before 2016, this figure hovered between 1% and 2%.
Benelux sees the same type of ransomware infections as the rest of the world, according to Trend Micro. It reports a switch from ‘traditional’ ransomware, which blocks entrance to the PC altogether, to crypto-ransomware, which encrypts data to prevent the victims from using it and threatens to expose all data unless a considerable amount of money is paid, usually in Bitcoin. This now makes up 98% of all ransomware.
Who are the cyber crime fighters?
When it comes to protecting organisations in Belgium, there are two scenarios. Brussels is home to several important international organisations, such as the Nato and the European Parliament. These bodies are threatened continuously and take appropriate measures to protect themselves.
But when it comes to private organisations in Belgium, it is a different picture. There, most organisations invest cautiously in digital security because they think they are less likely to fall victim to a large international attack than are some of their neighbours. “In most cases, this is a correct assumption,” said Gdata’s Willems. “But sometimes our organisations become collateral damage in bigger international attacks.”
Large internet and telecom service providers are still popular targets for international spying organisations, as was shown by the Belgacom (now Proximus) incident. This large phone operator fell victim to malware installed by NSA and GCHQ.
Nevertheless, Belgium’s relatively low cyber security threat has long been the main reason why the country’s government has been very conservative in its number of cyber security initiatives and investment in cyber security experts. Like many countries, Belgium has a Computer Emergency Response Team (CERT), but unlike nations such as the Netherlands, its investments in this have been shrinking rather than growing in recent years.
High-tech crime units
The same trend has been seen with the country’s high-tech crime units and other government organisations and initiatives concerned with cyber crime.
The stakes might not be as high as in most neighbouring countries, but after the recent high-profile terrorist attacks, Belgium’s government can no longer afford to economise with its cyber security infrastructure and investments.
The federal government officially launched the Belgian Centre for Cyber Security late last year by appointing security veteran Miguel De Bruycker as manager. One of the organisation’s main missions will be to further educate all individuals and organisations in the importance of cyber security.
Another aim of the organisation is to streamline and co-ordinate the various government and/or private initiatives around cyber security. Another challenge for Belgium is to make sure all its governments know about each other’s organisations and initiatives, ensuring they do not interfere with a proactive and efficient approach to fighting cyber crime.
“We will be the conductor of the cyber crime-fighting orchestra,” said De Bruycker at the time of his appointment. “There are too many players active in enabling a safer and more reliable internet. A quartet can function without a conductor, but a larger orchestra definitely needs a conductor, such as our Centre for Cyber Security.”
But the country’s ambitions remain limited. “We aim to reach a level of security that is appropriate for the level of threat,” said De Bruycker. “An absolute level of safety is not realistic.”
When digital meets physical
This report was originally intended to include information gathered at Infosecurity/Storage Expo, Belgium’s biggest security and storage event, which was due to take place on 23 and 24 March, but was cancelled because of the terrorist attacks the day before.
Given the location of the event – at the Heysel expo area near the Atomium landmark – and the number of attendees expected, it is an understandable decision that does not necessarily relate to the event’s subject matter.
But the fact remains that Belgium’s biggest digital security event was postponed because of one of the country’s biggest physical security threats. That may symbolise the fact that physical and digital security can no longer be seen as separate worlds.
This feeling was strengthened by another news item from the same period. It was discovered that a senior manager of a nuclear power plant in the Belgian city of Mol had been spied on with a hidden camera for an undefined period by members of the terrorist group who were also involved with the Zaventem and Brussels attacks.
No one knows the real purpose of the secret filming, but a digital scenario – gathering information for obtaining passwords or for social engineering – is now as likely as a physical scenario, such as tiger kidnapping.
Without doubt, we can expect physical security operations to be more visible than ever when Infosecurity finally takes place on 15 and 16 June. This will again highlight how closely connected the physical and digital worlds of security have become in the last few years.