June 30, 2022, Utrecht
From the heart of the Netherlands, NFIR hosted its first Managed Detection and Response (MDR) Seminar on Thursday, June 30, 2022. This event attracted as many as 75 visitors who are directly or indirectly involved in the digital security and resilience of their organizations. A diverse program and a pleasant networking reception resulted in a successful first seminar. A seminar where different disciplines looked at the ins and outs of security monitoring, the usefulness and necessity of file monitoring and the importance of good contractual agreements in the event of cyber incidents.
The importance of adequate security monitoring
After the welcome address by Arwi van der Sluijs, NFIR’s general manager, the seminar was kicked off by the Petra Oldengarm, director of Cyberveilig Nederland, with the question, “What to do if you can’t keep cyber incidents out?” She answered this question using several lessons learned from previous cyber incidents. After all, one learns the most from practice. Among other things, Oldengarm emphasized the importance of actively monitoring infrastructure and that the lack of basic measures often plays a major role. Rob de Vries, Security Officer of NFIR, elaborated on the importance of security monitoring and clearly indicated the difference adequate monitoring makes to organizations. De Vries closed with the future perspective of security monitoring and what trends will develop in this area.
For Hof van Twente municipality, these measures could have made a big difference. Wim Heij, program manager at Hof van Twente, guided us through the cause and aftermath of one of the biggest hacks in the Netherlands in recent times. Along with installing usable backups and implementing IT Security policies, he cited active monitoring as the lessons learned that followed after the ransomware attack in 2020.
Grip on unlawful use of personal data
The second discipline within our MDR services is Dossier Monitoring. After Wim Heij’s presentation, Dennis Slier, commercial director of NFIR, made the bridge from security to privacy. The central question was “How do organizations that process personal data maintain control over the privacy of their clients and patients?” Slier mentioned that when monitoring files, it is important to provide insight into user behavior. NFIR started with its Dossier Monitoring service once in healthcare, but sees many opportunities for the future to roll out the service within other organizations such as Municipalities, which are also intensive processors of personal data.
Gertrude van der Welle gave the Dossier Monitoring presentation a practical addition. From her former role as Privacy Officer at Haga Hospital, she outlined the challenges in controlling logging. In doing so, she explained the differences between types of logging research and what prerequisites and carders should be established when conducting logging research.
In addition to digital resilience, legal resilience
The presentations mentioned all indicate that security and privacy incidents should be prevented as much as possible and substantiate which tools are suitable for this. After all, cybercrime is the order of the day and the question is not if, but when your organization will be targeted. Complete prevention is still a pipe dream, but proper handling of a cyber incident can limit the damage. Anne-Wil Duthler, attorney at First Lawyers, therefore spoke about the importance of legal resilience in cyber incidents. She emphasizes that well-equipped legal operations are indispensable for recovering damages and for being resilient to legal claims. However, practice has shown that this is far from always in order.
All in all, we look back with pride on a successful seminar that sparked useful and inspiring conversations among all parties present. NFIR hopes to host more similar events in the near future. Keep an eye on our channels and we may welcome you at one of the following events.