‘Cyber attacks successful due to inattention’
Hackers and cybercriminals are becoming increasingly sophisticated when carrying out cyber attacks. Because citizens take too few or no security measures and pay insufficient attention, more and more attacks are successful. Combating cybercrime is therefore ‘a major challenge’ that requires ‘continuous effort’.
That is what outgoing Minister of Justice and Security Ferd Grapperhaus writes in a letter to the House of Representatives.
Smart hackers or stupid victims?
The digitization of our society has taken off as a result of the corona crisis. Digitization offers opportunities to work more efficiently and to make our daily lives easier. At the same time, it increases the chances of cybercriminals to make victims. The latter is clearly visible in the development of the number of registrations of computer breaches (hacking). Between 2014 and 2016, the average number of reports was 2,000. In 2020, this number rose to 11,120. Because the willingness of victims to report is very low, the number of reports of computer breaches is in reality much higher.
According to Grapperhaus, the reason why cybercrime is on the rise is that cybercriminals are increasingly sophisticated. Think of phishing messages that look increasingly credible and professional, ransomware attacks and other forms of social engineering. “Given the often insufficient security measures and the inattention of end-users, however, an attack does not always have to be sophisticated to be successful,” the minister warns.
According to Grapperhaus, citizens behave less safely online than they think and they estimate the chance that they will be harmed by cybercriminals. The fact is that in many successful cyberattacks, insufficient basic measures have been taken by citizens and companies to strengthen their digital resilience. In order to increase their awareness of this, the cabinet has conducted several national campaigns in recent years.
Macron: ‘Cyber attacks successfully through negligence’
Grapperhaus’s words are broadly similar to those of French President Emmanuel Macron. He said early this year that most cyberattacks in France are caused by negligence. In his view, citizens and entrepreneurs are too careless and careless with information security: they choose a password that is easy to crack and too often open malicious files that are attached to an e-mail.
Macron announced that it will invest one billion euros in improving cybersecurity in emergency services and in the healthcare sector. Half of that amount goes to the development of new technologies for criminal investigations. The French president also wants to establish a ‘cyber campus’, train more ‘cyber agents’ and double the number of jobs in cybersecurity between now and 2025.
Grapperhaus reiterates cabinet position: do not pay ransom to hackers
Cybercrime can pose a threat to the national security of the Netherlands, especially if a cyber attack has a major economic and social impact. Targeted attacks on companies and institutions therefore increasingly pose a threat to our security. With this, Minister Grapperhaus quotes from the report Cyber Security Assessment Netherlands 2021, which was presented earlier this week by the National Coordinator for Security and Counterterrorism (NCTV).
When victims pay a ransom, the attackers invest some of this money in new attacks. Because the perpetrators use cryptocurrencies to collect their ransom, they remain anonymous and it is difficult to track down and prosecute cybercriminals. Minister Grapperhaus reiterates the cabinet’s position that paying ransom in the event of an attack with ransomware is unwise. “Paying a ransom does not guarantee data decryption and maintains the criminal business model. To prevent ransomware, it is important, among other things, to have digital resilience in order.”
Detecting and prosecuting cybercriminals remains a difficult task
Increasing the cyber resilience of citizens, companies and institutions is a priority for the government. At the same time, the internet should not be a safe haven for criminals. Tracking down and prosecuting cybercriminals is a difficult task. The internet is limitless and offers all kinds of technical possibilities for anonymization. The government has therefore invested heavily in recent years in strengthening criminal investigations in the digital domain. Today, for example, there is a nationwide approach to combating cybercrime, consisting of the High Tech Crime Team and ten cybercrime teams in regional units. This has led to a sharp increase in the number of investigations by the police.
It’s not all roses and roses. “Despite the efforts and successes in recent years, the increasing amount of cybercrime offences and the complexity of the investigation in the digital domain make it difficult to realize sufficient capacity and expertise,” warns Minister Grapperhaus. The government is considering investing an additional 330 million euros in tackling cybercrime by the Public Prosecution Service, the Royal Netherlands Marechaussee (KMar) and the police.
More attention for victims and scientific research
Finally, in his letter, Grapperhaus pays attention to the treatment of victims of cybercrime and scientific research. The national campaign ‘From scam to relief’ has ensured that more victims have joined online peer groups. The government has also invested 1.8 million euros in training victim coordinators. They assist victims with impactful cases. Currently, there are 20 victim coordinators, this year a further 21 will be added.
In recent years, the government has commissioned extensive scientific research into the perpetrators, victims and the nature and extent of cybercrime in the Netherlands. The researchers concluded that the current approach is bearing fruit, although it could be further refined on some points. Finally, the cabinet will expand the biennial Security Monitor of Statistics Netherlands (CBS). For example, more quantitative data on cybercrime should become available in our country.
Catch up on more articles here
Follow us on Twitter here