Charlotte Willems (Audittrail): ‘We are convinced that privacy and information security go hand in hand’
Audittrail is one of the exhibitors at Cybersec Netherlands on November 1st and 2nd in Utrecht. Charlotte Willems, Marketing & Communication, tells us why she’s looking forward to this Dutch Cybersecurity event. She also explains the pressing threats, recent trends, and how their organization addresses these challenges in cybersecurity.
Why are events like Cybersec Netherlands important?
We find it interesting to see how the industry is evolving. We want to be part of it. It has been a while since it was possible to attend exhibitions, and now is the time to make an appearance. Since we work with people and provide consultants, it’s even more important to have face-to-face contact with each other. At Cybersec Netherlands, we have the opportunity to exchange ideas with one another. We believe it’s crucial that we all contribute to the goal of making the Netherlands more cyber-resilient.
What, in your opinion, are the most urgent threats in cybersecurity?
Currently, many companies struggle to find skilled personnel. This can be seen as a threat because more and more companies are experiencing cybercrime. We, at Audittrail provide information security consultants and privacy specialists. Continuous maintenance and development on the organisations information security program is very important. After all, when you have your information security in order, you enhance your cyber resilience. We are seeing that fewer companies are giving in on ransomware attacks, because they have a robust backup system.
Furthermore, with the current threats from technologies like AI and deep fakes, it’s crucial for companies to be aware of where the risks that lie within their organization. We work with companies on their Business Impact Analyses and discuss with them, “if you’re attacked, what should you secure first?” or, “what are the essential functions within your company?” This way, we can learn companies to proactively respond to cybercrime, since it’s not only important for a company to have control, but also to maintain that control.
Maintaining control remains a challenge for many companies. Companies operate according to regulations and laws because they are obligated to comply. However, a company’s cybersecurity strategy must be continuously adapted as situations within a company continuously change. We believe it’s essential to make companies aware of this and thereby enhancing their resilience.
What trends do you observe in cybersecurity?
A trend we’ve observed is the increase in successful hacks in recent years. Consequently, companies are more motivated to enhance their cyber resilience strategies, as a hack can lead to reputational damage and disrupt daily business operations. There are examples of companies that have gone bankrupt due to ransomware attacks. We also see in recent developments, that fewer organizations have to meet the ransomware demands due to the fact that they have a more robust backup policy that enables them to continue with daily operations and recover faster from an attack. We aim to ensure that companies don’t panic when a ransomware attack occurs, by proactively implementing measures that allow them to act more in control in case of an incident.
How does your organization address these challenges and opportunities in cybersecurity?
Our consultants are experts in privacy as well as information security. We are convinced that privacy and information security go hand in hand. Therefore, we offer various tools to companies which increase awareness on both themes. Awareness is important because employees are often the key to success. For example, when employees click on a phishing link, three things can happen: (1) they don’t realize it, (2) they ignore it, or (3) they report it. We’ve observed that employees often feel a sense of shame when reporting such issues. Therefore, it’s crucial to create awareness among employees and to not make them feel solely responsible. Part of our awareness training is our Cyber Resilience Games, a four steps training method designed to gain a higher maturity level in cyber resilience. For instance, we can train your organisation with a tabletop simulation (e.g. based on your existing BIAs). As a result you will obtain a good basis for the final ICT emergency plan by means of the Plan-Do-Check-Act process.
As part of our focus on awareness, we’ve developed the PRISM platform. This is a multifunctional platform for professionals in the privacy and information security industry, and it includes the Audittrail helpdesk as a trusted source of knowledge. We find such platforms important because we want to contribute to making the Netherlands more cyber resilient. To achieve this, companies need skilled people, who are also able to provide explanations and implement solutions. Our consultants are those people.