Incident Response

Is your organization facing unexpected events in your IT environment, such as workstation lockdown, security breach, no more access to your data, a possible data breach, ransomware or cybersecurity attack?

At your request, NFIR takes immediate action with an Incident Response team.

NFIR is available to its clients 24/7 to map out and resolve any security incident. Our Incident Response team makes every effort to be at your location within three hours. The goal of the Incident Response team is to minimize the impact of the cyber incident as quickly as possible so that your organization’s continuity is no longer at risk.

What is Incident Response (IR)?

Incident response (IR) refers to the process an organization follows to respond to a security incident, such as a cyber attack, data breach or other undesired event that compromises the confidentiality, integrity or availability of information or systems.

What is the purpose of Incident Response (IR)?

The goal of incident response is to minimize the impact of an incident, limit damage, restore normal operations as quickly as possible and prevent future incidents.

NFIR's approach to Incident Response

When investigating a security incident, NFIR follows the Incident Response procedures of NIST and SANS to ensure that investigations are thorough and reliable. In addition, experience and analytical skills form the basis of every resolved security incident. If your organisation already has Incident Response procedures, NFIR follows those.

During the Incident Response process, NFIR pays attention to the following three processes:

  1. Triage: this step aims to identify the source(s) and the affected devices and/or systems, and uses that information to prioritize and determine the plan of action for further investigation. At the same time, data is secured in a forensically sound way for possible further investigation.
  2. Containment: this process involves restoring the affected devices and/or systems and verifying their security so that normal operations can resume.
  3. Post-incident activities: when the incident is resolved, a forensic investigation report is prepared. The report proposes measures to prevent a similar event from occurring in the future. NFIR can also support and/or advise in the communication with the Data Protection Authority, legal counsel and other parties involved.

In the Triage phase we make use of the client's existing knowledge and skills. The Incident Response team starts on site and draws up a plan of action. Thanks to our procedures and checklists, we can act quickly and minimise the negative effects of the cyber security incident. Throughout the investigation, NFIR works in a forensically sound manner so that a forensic report can be produced later in the process. If you suspect that a natural or legal person is liable, or you wish to recover damages from one, you can also engage us to conduct an investigation. Our reports are legally valid: you can use an NFIR report as evidence in a court case or in a notification to the (Dutch) Data Protection Authority (DPA) in the event of a data breach.

The Incident Response Team of NFIR

NFIR’s team consists of digital forensic investigators, ethical hackers and team leads, all of whom have Incident Response experience. After notification of the security incident, a team is assembled that gives its assessment. The size of the team depends on the type of cyber incident. Naturally, all members of the team work in a forensically sound manner throughout this process.

Preventing security incidents is obviously better than curing them. We are convinced that companies benefit above all from good preventive measures, both technical and in terms of awareness. For this reason, NFIR carries out penetration tests, provides Security Awareness services and offers a package of various services through the Cyber Security IR retainer.

Incident Response Plan

I have an incident. What should I do? Know what to expect in the case of an IT security incident. Read more about the Incident Response process.

CERT

NFIR is a Computer Emergency Response Team (CERT). CERT is a registered trademark of Carnegie Mellon University and was awarded to NFIR in January 2020, after NFIR was found to meet all the requirements. The designation is based on the work carried out by NFIR, but also on the parties with which NFIR cooperates.

NFIR’s Incident Response team is deployed in cooperation with and for private individuals, SMEs, government bodies, multinationals, educational institutions and non-profit organizations.
As a CERT, NFIR is one of the major organizations involved in combating cyber incidents, alongside the NCSC, the IBD, the Ministry of Defence, telecom organizations and banks. These CERTs share a high level of trust within the sector because they speak the same language, which makes cooperation possible.

ISO-27001, ISO-27002 and ISO-9001

NFIR holds ISO-27001, ISO-27002 and ISO-9001 certifications. These international ISO standards set requirements for information security, aiming to ensure the confidentiality, availability and integrity of data. NFIR has been audited by BSI for implementation of and compliance with these standards. With its certification for the ISO-27001 standard, NFIR demonstrates that it handles data carefully and confidentially and that it controls the information processes within the organisation. With the addition of the ISO-9001 certification, NFIR demonstrates its ability to provide services that meet the information security and quality requirements and wishes of its customers.

The scope of the certification includes limiting the consequential damage of cyber incidents and increasing the digital resilience of organizations through response and preventive IT security services.

The crucial distinction between proactive and reactive cybersecurity is in the timing and approach relative to threats. Proactive cyber security focuses primarily on preventing attacks before they happen. This is done through continuous monitoring, thorough security assessments and implementation of preventive measures. In contrast, reactive cyber security responds to incidents after they have already occurred through detection, containment and remediation activities.

Examples of Proactive and Reactive Measures

Proactive measures include vulnerability assessments, penetration testing (pen testing), security awareness training and threat hunting (actively searching for potential threats). These efforts aim to identify and address security weaknesses before malicious actors can exploit them.

Reactive measures, on the other hand, include incident response, digital forensics, malware analysis (analyzing malicious software) and remediation processes that kick in as soon as a breach is detected.

Yes, we are available 24/7 for SMEs, multinationals, government bodies, educational institutions and non-profit organisations. Within three hours, an incident response (CERT) team is present at every location in the Netherlands (Wadden Islands excluded).

Of all the IT security incidents handled by NFIR, the most common are compromised (e-mail) accounts and attacks on vulnerable systems that offered insufficient resistance due to a lack of software updates and security. If hackers gain unauthorized access to systems, this usually leads to data breaches, the installation of ransomware and various types of malware such as crypto miners.

Common types of incidents that the Incident Response team assists with:

  • Malware infections
  • Ransomware attacks
  • Data breaches
  • Denial-of-Service (DoS/DDoS) attacks
  • Insider threats
  • Phishing and social engineering
  • Cloud security incident response
  • OT/ICS incident response

The aim of the incident response team is to minimise the impact of the cyber incident as quickly as possible so that the continuity of your organisation is no longer at stake.

  1. Contact NFIR’s Computer Emergency Response Team directly (088-133 0700).
  2. The CERT takes action: all necessary equipment is packed and within 3 hours the CERT is on site.
  3. On site, an intake is conducted with all stakeholders to gather all available information about the incident.
  4. Once the engagement has been confirmed, triage of the affected systems is started.
  5. As soon as it is clear which systems have been affected or need further investigation, data is secured according to a digital forensic procedure.
  6. In the containment phase, the affected systems are restored and their security is verified to prevent a recurrence of the incident.
  7. In the post-incident phase, the secured data is examined further using digital forensic methods. The investigation questions are answered as completely as possible. All findings and recommendations are included in a report that is delivered at the conclusion of the incident. This report can be used for internal and external purposes (such as supervisory authorities and legal proceedings).

NFIR’s CERT consists of:

  • digital forensic investigators,
  • ethical hackers, and
  • team leads,

all of whom have experience in incident response. After notification of the security incident, a team is assembled that gives its assessment. The size of the team depends on the type of cyber incident. Naturally, all members of the team work in a forensically sound manner throughout this process.

The number of ransomware attacks in the Netherlands is large and still increasing. In a recent survey, nearly three-quarters of Dutch companies surveyed said they would be hit by a ransomware attack by 2021. Only slightly more than a third said they had a cybersecurity strategy ready. Meanwhile, the impact of a ransomware attack on your business or organization is enormous. Your business operations are severely hampered or even made impossible. Trade secrets can be resold and data leaked. Your external partners no longer trust your organization and adopt a wait-and-see attitude. And don’t think “that won’t happen to us,” because it can happen to anyone, from large companies and organizations to SMEs employing 20 people.

Read the full article: What impact does a ransomware attack have on my organization?

A forensic investigation is not necessary in all cases, but the client often wants to know the extent of the incident, and supervisory authorities ask questions that can only be answered by conducting an investigation. In all cases, NFIR is obliged to provide a report.

The Incident Response team is always provided with the right digital forensic equipment to serve the clients directly on location. NFIR continuously invests in fast, reliable and leading equipment and tooling that allows multiple Incident Response teams to operate simultaneously.

When a cyber incident breaches your organization’s digital fortress, the impact does not manifest itself solely in technical disruptions. A crucial, often underestimated, domain includes the complex legal and communications aftermath. This is where NFIR positions itself as your strategic partner, reaching beyond mere technical incident handling. We understand that navigating legal obligations after an incident – think about the meticulous interpretation and prompt compliance with notification obligations such as the AVG/GDPR and industry-specific regulations – is of existential importance. Our expertise ensures that your organization not only complies with formal requirements, but does so in a way that minimizes potential legal complications.

Parallel to this is the need for a thoughtful and effective communications strategy during and after an incident. NFIR supports you in establishing and implementing clear protocols for internal communications so that employees and internal stakeholders are timely and accurately informed, which is essential for maintaining trust and operational continuity. For critical external communications to customers, the press and regulatory bodies, we provide strategic advice and operational support to communicate transparently without risking unnecessary reputational damage. In the heat of crisis communications, NFIR stands alongside you to manage the narrative, debunk rumors and restore trust. Where specialized legal expertise is required, NFIR facilitates seamless interaction with reputable legal experts within our network so that your organization acts legally sound at all times. Ultimately, protecting and restoring your public image is invaluable. NFIR seamlessly integrates public relations and reputation management into our incident response approach, with the goal of mitigating the long-term effects of the incident on your brand and implementing a strategy for recovery that demonstrates transparency and accountability. Through this integrated legal and communications approach, NFIR ensures a response that is not only technically adequate, but also legally robust and communicatively effective, significantly reducing the overall impact of the cyber incident on your organization.

We stand for communicating in clear language with our customers. In this way we also report our findings. In addition, we aspire to the ‘numbers tell the tale’ approach, which enables us to help you in a targeted way by means of various types of research. The approach also includes further development of our services. As a result, our services keep in line with changing practice.

NFIR stands for offering technical and organisational support, security services and training. With our knowledge and experience we can provide you with technical advice and advise you on the procedures and processes of information security. Engaging NFIR helps you to increase the cyber security resilience of your organisation in several areas.

SECURITY INCIDENT AT YOUR ORGANIZATION?

The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial, because a quick and adequate response can limit the damage. In addition, further spread of the attack can be prevented and essential evidence can be secured for further investigation.

Our Computer Emergency Response Team (CERT) is available 24/7 to support businesses and organizations during IT security incidents.