Cybersecurity is moving ever higher on the agenda of companies and governments. The Security Factory and Infosentry can provide great added value here, both technically and policy-wise. This can range from a simple technical test of the IT environment to guiding an organization towards ISO 27001 certification, the ISO standard for information security.
"We are ethical hackers," insists Nico Cooman, managing partner at The Security Factory. "We never take a proactive approach. We only spring into action at the request of our clients. We simulate a hack and try to crack their system. This is followed by a report in which we note all the weaknesses and vulnerabilities that are in the system. So we actually look for the open virtual windows and doors, and demonstrate their impact."
Late last year, cybersecurity was suddenly a hot topic in the news when a cyberattack took down the city of Antwerp's computer system. "A very regrettable case, but the best illustration that it is a must to guard against such attacks. For many CEOs, it was a real wake-up call. By the way, statistics show that the chances of a hacker passing are very real. Cybersecurity has become everyone's story today."
The Security Factory tests not only an organization's technical vulnerabilities but also its human ones. "For example, we send out commissioned phishing emails and find out which employees click on them and who shares their passwords. We also call people and try to extract sensitive data from them. Sometimes we even approach them physically. For example, we sign in at a company's front desk and spin a fictitious story. Will the front desk clerk let us through? Is that person even willing to give us the key to a room?"
Whereas The Security Factory has primarily a technical scope, Infosentry takes an organizational-level approach. "We look at the entire security policy within the company, including all processes, technical and organizational measures. We examine how resilient the client is against potential incidents and what maturity there is in the company around cybersecurity. Cybersecurity is much broader than just a matter for the IT department. Every employee must demonstrate a certain awareness," said Cedric Brosens, managing partner at Infosentry.
"We start with an assessment as a kind of baseline measurement. We do that by going through documents, looking at network diagrams and organizing workshops, among other things. On this basis, we give the client insight into where he stands today, and together we draw up an action plan or roadmap to increase maturity. We then implement that roadmap together with the organization. It's a continuous growth process where the focus is on continuously reducing risk. We enter into a long-term partnership with our customers."
"Technically, we only monitor to a certain extent. We don't do hacking. We work in breadth and, if necessary, suggest to clients to substantiate our findings through ethical hacking. Hence, our operation is complementary to that of The Security Factory. When they discover a vulnerability, there is often something structurally wrong in the security policy. Companies that want to go all the way, we accompany them from A to Z to the audit to obtain ISO 27001 certification."
"Today, the supply chain is so connected and digitized that large companies impose obligations on whoever is part of that chain. An ISO 27001 certificate then certainly gives a competitive advantage. Those who can present the attestation are also in compliance for some 80% with the European NIS2 directive that comes into effect in October 2024. This establishes cybersecurity obligations for companies operating in critical sectors such as logistics. We help them comply with the NIS2 directive," Cedric concludes.