Belgium is facing major challenges in the area of ​​cybersecurity as Belgian organizations are increasingly becoming victims of cybercriminals. The problems are known, are the solutions also known?

“Almost every day, a Belgian organization falls victim to a cyber attack.” With these ominous words, Telecommunications Minister Petra De Sutter (Greens) immediately sets the tone at Cybersec in Brussels. “The recent attack on Duvel Moortgat shows once again that no sector is left untouched.”

Cybercrime is a growing problem. Not only in Belgium, but worldwide. The World Economic Forum lists cyberattacks as one of the five biggest global threats. The manipulation of information using AI is in second place.

“Are we winning the battle at the moment?” asks Miguel De Bruycker, Director General of the CCB. At Cybersec, the cybersecurity challenges facing Belgium are discussed in detail, but solutions are also sought.

Fragile trust

“The cost of phishing attacks in Belgium is rising to 40 million euros per year,” says De Sutter, summing up the next worrying statistic. But the toll of phishing goes beyond the financial, says the minister. “Trust in digital services is coming under pressure.”

The abundance of increasingly realistic AI deepfakes will only put digital trust under greater pressure, De Bruycker notes. “You can no longer always be sure that the person you are interacting with online is really who you think they are. It will become necessary to verify the identity and integrity of online people and services.”

To prevent misuse of your identity, it is important to protect it online. “If I can say one thing to you during this presentation: Please engage MFA. It is not a holy grail, but it makes a difference.” In 2021, CCB launched the Spear warningCampaign to proactively warn companies about vulnerabilities in systems, but also about leaked access data.

You can no longer always be sure that the person you are interacting with online is really who you think they are.

Miguel De Bruycker, Director General of the CCB

Actions instead of words

Although the risks have been discussed for years, cyber attacks are still increasing. How is that possible? De Bruycker puts his finger on the sore spot: “In the security world, we have actually been saying the same thing for decades. Strategies always include things like information sharing, collaboration, etc. Now there is also more talk about AI and quantum.”

These words are not always adequately translated into action. “Cyberattacks and their costs are increasing year on year, and it is predicted that costs could increase by 40 percent per year in the coming years. I have my doubts as to whether this percentage is correct, but if even experts doubt our approach, shouldn’t we ask ourselves what we are doing wrong?” De Bruycker continues.

Asking the question means answering it. De Bruycker: “All too often there is a lack of concrete action plans to take that extra step. We need to think big, but start with small steps to achieve our goals.”

According to De Bruycker, unclear leadership is one of the problems why politics is losing control. “There are many different authorities, so it is not always clear who is responsible. Because the digital world is an open environment, the scope for action of these authorities is often limited.”

In the security world, we have actually been saying the same thing for decades. Often, there is a lack of concrete action plans for taking this additional step.

Miguel De Bruycker, Director General of the CCB

NIS2 as a game changer?

De Bruycker sees another fundamental problem. “In many industries, certificates and audits are the most normal thing in the world. If you have electricity installed in your house, you should have it done by a certified electrician. Why don’t we do the same in cybersecurity?”

The upcoming NIS2 law is intended to serve as a “quality seal” for digital solutions. Companies from many industries must comply with strict security regulations, as must their IT suppliers. At Cybersec, people are already looking forward to the law with high expectations. “NIS2 can be a real game changer. Security will become a requirement, even for companies that have not previously seen it as a priority. We must now focus on concrete implementation and a proactive approach,” says De Sutter.

Belgium has already taken an important step by anchoring NIS2 in national legislation. “The Royal Decree was officially published in the Belgian Official Journal on 17 May. As a result, tools will be available quickly. “CCB will soon provide a scope test that organizations can use to assess whether they are subject to the legal obligations,” we learn from De Bruycker. There is not much time left: NIS2 comes into force on 18 October.

NIS2 can be a real game changer. Security becomes a requirement, even for companies that previously did not see it as a priority.

Petra De Sutter, Federal Minister for Telecommunications (Greens)

The challenges facing cybersecurity are well known and will not be solved overnight. New technologies are constantly upending the relationship between attackers and defenders. Is NIS-2 the secret weapon for a safer digital Belgium? Time will soon tell.

Want to know more about NIS2 and what it means for your business? Industry experts share their views round table.