Cybersecurity of the city of Antwerp had dozens of vulnerabilities: audit already warned of flawed security in 2021

7 comments
  1. Absolute sheer incompetence. It shows clearly that BDW has no clue what he’s doing. Wasting money going after drug users, but refusing to spend money to prevent criminals from just accessing critical information. It’s pretty much guaranteed that the big drug importers and dealers have had access to the city’s system.

  2. It’s a shame VRT didn’t even bother to let this be read by an IT expert.
    A quote like “it’s not IF you’ll be hacked, but when” is literally a general statement you make in IT. [random link as source](https://www.alliancembs.manchester.ac.uk/news/cyber-security—it-is-not-a-matter-of-if-but-when-businesses-will-come-under-attack-from-hackers/) It’s about describing a mindset, rather than an actual situation.
    Anything is hackable. Nothing is 100% secure. Security is always directly opposed to usability/user experience. Your users are a large concern in terms of security – the harder you make it for them, the more likely they’ll circumvent that security to keep it workable. And with the knowledge you can be hacked, start making contingencies to get back up and running.
    Your VIPs are always the duality. They’re the most important to protect, and the hardest to convince of it. They always easy access, they barely have basic understanding of IT, and can overrule any decision themselves.
    Not enough money for maintaining systems that are implemented isn’t new or unique to IT either. There’s money for new things, never to renew things until they’re broken.
    Actual red flags are things like having products that have been end of life since 2015. The question then becomes did IT mismanage, or did business never feel like investing? Maybe it was just 1 system that kept getting postponed, hard to judge with the little information.
    Hiring companies for audits is already a good step, it means you have awareness that these topics require funding & time. The fact they started those cyberdefence programs was also a sign they were working on it, not a signal of mismanagement.
    The auditors of course always find things (no system is perfect), that’s what they’re getting paid for.
    Also, shifting priorities are pretty standard, and let’s not forget the challenges of Covid on IT. Lots of new requirements in IT systems, remote work, remote conferencing, new collaboration tools, etc etc etc.
    It’s also not unique to the private sector – everyone (can) get(s) hacked. As the saying goes “it’s not if you’ll be hacked, but when”.
    As I said at the start – it’s a shame VRT didn’t let the reports be handled by an IT professional.

  3. Learning about stuff in school in cybersecurity last year currently.. it’s kind of insane how intricate some things go. And then in comparison how some other things go completely half-assed for years on end in some places
