Safer Internet Day: A day to improve children's online safety

Every year, on the second Tuesday in February, the whole world celebrates Safer Internet Day. This is an annual campaign to raise awareness and provide education on how to be safer online. The aim is to bring children, young people, parents, teachers, police and industry together to make the online world a safer place for everyone.

In a world where more and more activities are taking place online, it is more important than ever to be aware of the dangers of the internet. Children and young people are particularly vulnerable and can become victims of cyberbullying, sexual exploitation, identity theft and other online dangers. Safer Internet Day is therefore supported worldwide by governments, non-profit organizations, industry and the media. In the past, Cyber4Z gave a presentation at the Eckartcollege high school about cybersecurity and how important it is to start early.

Safe online behaviour

Safer Internet Day aims to help children and young people understand how to behave more safely online. This includes limiting sharing of personal information, refusing to meet strangers you've met online, and always being alert to online threats.

Talk about it

Parents, teachers and other adults can also help by talking about online safety and making sure children and young people are aware of the dangers of the internet. This also means that adults need to be aware of the online activities of children and young people and always be on the lookout for any sign of cyberbullying or other online dangers.

In summary, Safer Internet Day is an important campaign to improve the online safety of children and young people. By raising awareness and providing education, we hope to create a safer online world for everyone. Let's work together for a safer internet for all children and young people.

CYBER4Z GOES TO DEF CON IN LAS VEGAS

In 2023 we have big plans: we are going to DEF CON, the largest annual hacker convention, in Las Vegas, Nevada, from August 10 to August 13. Here we hope to learn new things and gain new experiences within our field. We are already looking forward to it!

Privacy concerns with Lensa AI app

by Andra Albisoru

If you have been on any social media platform in the past week, you have most probably come across pictures produced by the new mobile application Lensa AI. This is a photo-editing app available for iOS and Android users, where uploaded selfies are transformed into avatars. The app allows users to retouch their photos, change the background, or modify them to fit the art styles of different time periods.

Nevertheless, as nice as it sounds, this app does not come without privacy concerns, which may easily be overlooked by the common smartphone user eager to jump on this trend. Therefore, we thought it would be beneficial to explain these concerns in a simple manner and warn potential users of the security risks they expose themselves to when using the mobile application.

When reading the documentation of the Lensa app, several red flags may be noticed. While section 5 of the privacy policy states that the pictures collected from users are not used for purposes other than applying the relevant filters, the Terms of Use of the application state that by using the app, you grant ‘a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable, sub-licensable license to use, reproduce, modify, distribute, create derivative works of your User Content’, for advertising, commercial purposes, as well as for training of the AI. Moreover, in order to use this app, a one-time fee needs to be paid, and in return you receive 50 edited images, based on the photos that you have uploaded. However, the tool used for these edits was developed by Prisma Labs, which owns the Lensa app too. In essence, when using this app, you are offering a company free training for their AI, which helps them further develop and improve their product, as well as creating free advertising for them. All that, in return for 50 edited avatars.

Lastly, there is a societal concern about the involvement of artificial intelligence in face recognition practices, as it creates high risks of IP theft as well as identity theft. The boundaries of ownership for the usage of this application are still ambiguous, leaving too much room for interpretation with regard to who may use the images after they have been created. If you have already used the application and you are worried that your data may not be used in an ethical way, you may send an e-mail to privacy@lensa-ai.com and ask for your collected data to be deleted. Additionally, if your pictures are used in advertising, you may send an e-mail to contact@lensa-ai.com to revoke that permission. It is important to create and maintain a secure and ethical environment on the internet, especially when it comes to our facial data.

Cyber4Z welcomes new colleague: Caner Filibelioglu

On December 1st Caner Filibelioglu will join our team as a senior consultant. He briefly introduces himself below.

'I'm super happy to join Cyber4z as Senior Security Consultant. My main strength is infrastructure and network penetration testing, active directory testing, and social engineering. My biggest motivation is to show customers that they might be using cutting edge technologies but there is always a weak chain in the system and this is always people. This makes the most secure networks vulnerable! For Cyber4z I'm willing to bring new customers to the company and build new service lines. I believe together we are stronger and together we'll bring the success.' Welcome Caner!

How secure is your password? #changeyourpasswordday

3 out of 5 Dutch people use the same password for multiple online services. In organizations in the Netherlands, too, the password policy is not always in order, and a variation of Welcome with a special character and a year number is often used.

On 'Change your Password Day' it is extra important to be aware of your password. We can help with this by introducing a password policy as part of the ISO 27002 implementation. Want to know more? Contact us at 4z4u@cyber4z.com.

New ISO 27001 standard: we're on top of it

The new ISO 27001 standard was introduced at the beginning of October. This means that companies need to be compliant with improved and new standards, but what exactly does this mean for them? At Cyber4Z we are busy with the process of providing our current and new customers with appropriate advice.

For many organizations it is new that the ISO 27001 standard is being updated, which makes it unclear what exactly they should do. At Cyber4Z, we can remove this ambiguity by making a gap analysis between the current state of the ISMS (2013) and the ISO 27001:2022 standard. This produces a clear list of tasks that need to be done so that the gap can be closed. For our new customers we implement directly according to the new ISO 27001:2022 standard, to ensure that they are also compliant.

In this way we give our customers a pleasant and secure feeling. Interested in becoming ISO 27001 compliant? Please contact us at 4z4u@cyber4z.com.

Security.txt is also used by DTC

In addition to internet.nl, the Digital Trust Center (DTC) also uses the security.txt file to find contact details in response to vulnerabilities they receive.

Adding this record ensures that reports of discovered vulnerabilities can reach you. How to add the security.txt record to your external servers is described here: https://www.digitaltrustcenter.nl/securitytxt. There you will also find a video, in Dutch, that explains security.txt in one and a half minutes.

Ransomware Ready webinar

Yesterday we hosted our Ransomware Ready webinar with Matthijs Nelissen, Anders Larsson and Hardeep Singh. Using the Pentera automated validation platform, Hardeep took us step by step through a ransomware attack and how to validate this.

Thanks to Anders for the introduction and Hardeep for the great demo!

For anyone interested, it is possible to view the recording on YouTube.

‘Information security is and remains a hot topic’

Taking information security to a higher level: that's what it's all about during the ISO 27001 certification process. Cyber4Z can help with the process by performing certain activities (such as a risk assessment or a stakeholder analysis). Our security consultant Morrison Toussaint tells us more about it.

When a company wants to be certified for ISO 27001, it is important that the processes and procedures stated in the standard are implemented. “This concerns, for example, risk assessments, a stakeholder analysis or a management review. These are all activities that should contribute to a higher level of information security. I make these myself at companies, so I'm not just working on support during the audit for ISO 27001,” says Morrison. But how exactly does such a process start? “I start with a gap analysis. This is basically a questionnaire in which the aim is to find out what a company still has to do to meet the requirements as set in ISO 27001. This then results in action points that I will tackle and implement together with the organization.”

In addition to the work for ISO 27001, he is also involved in other ISO standards. “There are also other standards such as ISO 9001 on quality management, ISO 22301 on business continuity management and 31000 on risk management. Those are also frameworks that we implement again.”

Getting acquainted

To start with ISO 27001, it is important to get acquainted with a company. “I always start with a conversation about the company. For example, I ask about the organizational structure, whether IT is outsourced and how many people work there, so that I get an idea of the organization. With all the information I can make a gap analysis which is the first step to achieve certification.”

This is followed by a stakeholder analysis, in which all stakeholders are mapped. “For example, it becomes clear that a company outsources its IT activities to an IT administrator. I can talk to the IT manager, because sometimes a contract has to be adjusted in order to comply with the ISO standard.” Because of these conversations, it can sometimes take longer before an ISO process is completed. “But it's also because we don't just deliver documents to organizations, but we actually help implement things. This can be, for example, the implementation of mitigating measures, which are identified during the risk analysis.”

A positive trend

In recent years, information security has become an increasingly important topic due to cyber incidents that reach the media amongst other things. “In recent years you have seen that a company wants to be ISO 27001 certified because one of their customers asks for it. Now you see that these companies also expect their suppliers to have an ISO 27001 certificate. It is actually a snowball effect where one implementation leads to multiple implementations at other companies. That is a positive trend, because that way you ensure that the entire chain becomes safer.” That is why Cyber4Z is receiving more and more requests to help with ISO processes.

In short: Cyber4Z not only supports during the ISO audits, but also helps with the entire process around it. Want to know more? Send us an email at 4z4u@cyber4z.com.

Negotiating ransom: "They are nice to me, I to them"

Recently, Omroep Brabant wrote an article about Cyber4Z concerning a cyberattack on a dental organization. This article was written by Sven de Laet. It was also discussed in a broadcast of Brabant Nieuws on Thursday 11 August (fragment starts at 4:10).

Dental organization Colosseum Dental paid a ransom of about 2 million euros to end a cyber attack. Sounds intense, but it is increasingly common for companies to give in. This is also what Rob Mellegers of the Eindhoven company Cyber4Z sees. He regularly negotiates with hackers. "Unfortunately, it is a growth market."

Mellegers does not know exactly who he is talking to. But he regularly has conversations with hackers, who want ransom. "Companies approach us when they are attacked. How do they know that they have been hacked? You soon find out that you can no longer use programs."

At such a moment, Mellegers and his colleagues spring into action. That communication often runs smoothly. "You will be sent a link, which will take you to a secure portal. Sometimes you can just talk to each other, as if through a kind of crypto telephone."

Mellegers' task is clear. "Make agreements with the hackers on behalf of the hacked company. Sometimes there is room for negotiation. They are very open about that. Those criminals also know exactly what they can ask of you. They have looked up your turnover for a long time, so they can also estimate whether haggling is really necessary."

But isn't it strange to chat with such a hacker? "Somehow, because you know that they have done something that is not right. But I am mainly busy limiting the damage for my client. The conversations are often very friendly. They are nice to me, I to them. It is best to make agreements, for example about paying in installments, so that you know that they actually return data."

Because that's the risk: will the hackers give that data back? "It is of course possible that they sell the data or make it public. But in general it is much more useful for them to be reliable. If they do not deliver once, everyone will know immediately. Then it makes no sense for the next hacked company to pay."

Paying is happening more and more often. "Also because the measures at companies are getting better and better. Hackers are therefore able to steal less data, which means that it also involves smaller amounts." And while ransom transfers are strongly discouraged, Mellegers can imagine paying it. "A company is the only one able to assess the impact, damage and consequences if that data ends up on the street."

Incidentally, it is not the case that companies transfer the ransom quickly to avoid negative publicity. "The moment you are hacked, you are simply obliged to report it to the Dutch Data Protection Authority."

It doesn't look like Mellegers' agenda is getting emptier any time soon. "Unfortunately, hacking is a growth market. Am I not doing my job properly? Well, you are never completely safe. It is and remains the fault of the hackers themselves."

New colleague!

Harrie van den Boomen joined Cyber4Z as an account manager on July 18. He will mainly focus on acquiring customers for our subsidiary Neoforce. Welcome Harrie!

Cyber4Z has moved!

Today was a big day for us at Cyber4Z: we have moved to High Tech Campus 41.

At our new location we have a bigger office with more workplaces. We also have our own meeting room where we can meet with our clients. We can't wait to work at our new office!

Business with a social touch

As Cyber4Z we do business with a social touch. This means that we take people, the environment and society into account in our business activities. We contribute by donating money and deploying our car fleet.

Each staff member may donate €100 per year to a social cause in the name of Cyber4Z. Think of a sports association, a good cause or someone who is committed to a good cause. The following charities have received a contribution in recent years: Justdiggit, Giro 555 for Ukraine, Trees for all, Ronald McDonald Huis, Leev in collaboration with the Pay it Forward foundation, Veldhoven Zoo, Zevenhoek Foundation, the Sterk voor Dieren foundation and Goodwill.

Use our cars

We are also concerned with the environment and how we can reduce our emissions. For example, half of our fleet is electric with brands such as Kia, Jaguar, MG and Tesla. However, we don't stop there. We also use our cars for various charities. In 2018 people were picked up and brought home after a Christmas dinner for lonely people, in 2021 one of our Teslas was used to transport ICU nurses to and from work for free, and in 2022 people were brought home in a Tesla, with which a contribution of €1,000 was realized for Ukraine.

What is a disaster recovery plan?

Suppose there has been a ransomware attack at your organization. What exactly do you do to respond as efficiently as possible and to minimize the impact? A disaster recovery plan (DRP) can help with this. Our security consultant and internal security officer Yu-Mei Liebregt talks about the added value of a DRP for every organization. "You've thought about how to handle a crisis in advance."

What exactly is a DRP?

“In a DRP you take the steps you want and need to continue in the event of a disaster. Depending on the service, a DRP may differ. Basically, a DRP is about how to respond and reduce the impact of a disaster. This often concerns the infrastructure of your organization, i.e. the servers and laptops that may have been hacked.”

What's in a DRP?

“I use a template that contains elements that apply to each DRP, such as the composition of a crisis team, critical components, concrete recovery steps, crisis communication and contact details of the people involved. The rest of the content depends on the type of service and the size of the company. A company that offers software must take different measures than a company that makes machines, for example.”

What is the added value of a DRP?

“The added value is that you are prepared for a calamity. You have thought about critical parts and steps to take in advance. With such a plan you can actually respond as efficiently as possible to a calamity and you can limit the damage as much as possible. Think of financial damage or reputational damage. It is important that you test the plan every year and adjust it where necessary, so that you are always well prepared.”

Also ready for a DRP? Please contact us for the possibilities.

GDPR celebrates its fourth birthday!

The GDPR became applicable on 25 May 2018, which means the General Data Protection Regulation is having its fourth birthday. In honor of this, we interviewed our cybersecurity consultant Andra Albisoru about her opinion on the GDPR and her vision for the future. “I hope people will realize soon that things on the internet are never gone.”

Do you often have to deal with the GDPR in your daily work?

“Actually, I think all of us have to deal with the GDPR in our daily online activities. Especially during the pandemic, we moved our social life online. We spend more and more of our time on different websites and online applications. With that, we have the pop-up cookies that appear on our screen. We always need to agree or consent. It is very broad, but the GDPR is always there.”

What is your opinion on the GDPR?

“I think the GDPR is actually the realization that the internet is becoming more and more important in our lives. I feel like it was understood that we need to be very careful with what we share online and with our data because it holds a lot of value. I think people are starting to realize the value, especially when you are a victim of a scam online. Then you realize how much you put out there and how important it is to protect it.”

Do you think the GDPR has improved cybersecurity in the last four years?

“Yes, I do think that because the GDPR is making it mandatory for more and more companies to respect. Before the GDPR we used to have a directive (Directive 95/46/EC) but that directive was not as clear and viewed as important as the GDPR is viewed now. With the GDPR, the rules aren’t new but the force to be compliant is.”

What is your vision for the future regarding the GDPR?

“I hope at least that more and more companies will be more compliant. Even though the GDPR has been around for four years, we need to understand that it required a very big change from companies and that it takes time to implement those changes. Right now, I think it’s important to help those companies to change and then look if new rules are needed. And I hope people will realize soon that things on the internet are never gone and that we need to be as careful with those things as we are with important physical things like a passport or ID-card.”

Rob Mellegers gives a presentation at the Eckartcollege Beroepenavond

Last week Rob Mellegers gave a presentation and demonstration at Eckartcollege Eindhoven as part of the so-called Beroepenavond. “With the push of a button you already have insight into the security,” says Rob.

The Beroepenavond or Profession evening means that students at Eckartcollege can attend presentations by several different professionals and learn about them.

With his phone in his hand and a screen on the wall, Rob showed the class a few visible network vulnerabilities that you can try to hack (of course you should never do that without permission). According to Rob, the most important thing is to show that cybersecurity doesn't have to be complicated at all: "With the push of a button you already have insight into the security." Several students hung on his every word. "I was pleased to see that a large group of students is interested in the fields of ethical hacker and cybersecurity consultant. And that the students, who have to make a career choice, found it very interesting to see what I can do and how I do it." According to Rob, it is important to start with cybersecurity early. “The sooner you start, the sooner children can recognize dangers in their own behavior and that of others. That can come in handy later on.”

Fridays are for knowledge sessions

At Cyber4Z we think it's important to maintain and expand our knowledge. That is why we organize a knowledge session every three weeks on a Friday afternoon. During such sessions, a company or person shares their expertise on a particular topic. This week we attended a presentation about Corelight and its product.

Developments in the field of cybersecurity are moving at lightning speed: almost every day new applications are available or new vulnerabilities are revealed. It's like a train that keeps going, that you want to sit on. By regularly organizing knowledge sessions, we ensure that we stay up-to-date and learn new things.

Would you also like to teach us something new? Please contact us at 4z4u@cyber4z.com.

Cyber4Z welcomes new colleague: Bart van der Wilt

As of June 1, Bart van der Wilt will strengthen our team as a Junior Consultant. He briefly introduces himself:

'Hello! My name is Bart and I am eager to learn as a cybersecurity starter. I live in 's-Hertogenbosch with my girlfriend. When I'm not working, I like to exercise outside in the form of running or cycling. I have gained experience related to security during my training at the Royal Military Academy. My goal is to extend this experience with cybersecurity knowledge, so that I can help the customer solve their issues.' Welcome Bart! We wish you lots of fun!

Cyber4Z welcomes our new colleague: Ben Willems

Today Ben Willems starts his first workday with us. He would like to introduce himself: 'I am a pragmatic security consultant with a strong technical background in software design, electronics engineering and computer science. My experience includes a diverse set of projects on hardware-software co-design, such as safety-critical automotive software and secure embedded systems. Ultimately, my goal is to use my experience to address the technical challenges of our customers with custom security solutions.'

Cyber4Z holds annual (mandatory) external audit

Last week we had our annual (mandatory) external audit for the ISO 27001 standard at Cyber4Z. This time it was a surveillance audit including ISO9001 (quality management system). Our security consultant and internal security officer Yu-Mei Liebregt tells all about this audit and what it entails. “An audit is actually a check on compliance with the standard and a check on whether we as an organization are continuously improving the ISMS and therefore information security.”

What exactly does the ISO 27001 standard mean?

“The ISO27001 standard is a standard for information security. You can obtain a certificate that shows that you have the information security in your organization in order, that you are continuously working on it and making improvements. With the ISO27001 you have an information security management system (ISMS). As an organisation, you have to be constantly working on it and continue to develop the organization in this regard. Every year you are required to undergo an internal and external audit to see whether you still meet the standard.”

What exactly was last week's audit about?

“This year we had a surveillance audit incl. ISO9001 (quality management system). A surveillance audit is more limited than a recertification audit that occurs once every three years. During the audit, the auditor conducts several interviews with different functions in which the auditor will 'check' us as an organisation. The number of interviews and the duration of the audit depend on the organization size and scope. Several colleagues are involved in the interviews, such as me as an internal security officer for our ISMS/KMS, our management team and developers. This year, for example, we focused on ICT security management, development, security development, management dynamics, the physical environment, customer delivery and sales. In each interview/topic, this is discussed with regard to the associated controls. The auditor can ask for policy documents and practical examples of how we actually implement our policy with which he can compare whether this corresponds with what is on paper.”

What is your opinion on audits?

“An audit is certainly necessary to remain compliant and certainly interesting. You do have to invest time in it, but it also has good added value for the organization. You learn every audit a little more and in more detail, so that you can also implement it better for customers.”

Cyber4Z provides support with internal and external audits

An organization must regularly conduct internal audits for ISO27001 (but also for comparable standards). During such audits, it is examined how the controls have been implemented by, among other things, holding interviews, assessing records (e.g. the information security incident register), assessing policy documents, procedures and/or manuals, and monitoring systems and applications that are running at the customer. At Cyber4Z, we assist customers in this process by supporting the drafting of policies, procedures and records. We also support the practical testing of the measures and controls currently in place and how they fit within the standard and the controls it requires. Our consultant Rob van den Heuvel is happy to tell you more about it. “I could talk about it all day!”

Due to his past as an IT auditor, Rob is the right person to help clients with conducting the internal audits and preparing for the external audit. He knows better than anyone what an accountant is looking for. “This allows me to support customers well,” says Rob. “During such audits, it is often noticeable that many control measures have already been taken and are also carried out according to a fixed pattern. However, we often also see that for many of these controls that have already been performed, the documentation to guarantee the demonstrability is still missing. Commitment is often seen as an additional workload. But you don't have to: you can guarantee the demonstrability in a very efficient way by taking screenshots and including some context. This allows you to demonstrate the actual implementation during the performance of internal and external audits.”

Information security becomes more important

Our customer organizations are increasingly being asked by their own customers how they deal with information security. Rob notices this too. “Capturing the steps you take when performing an audit therefore plays a major role in this,” says Rob. The ISO27001 certification and the associated organization of the information security management system gives our customers the opportunity to demonstrate that they are consciously involved with information security and that the necessary processes and measures have been set up.

Continue to develop

In addition, Rob also continues to develop as a consultant. For example, in February he passed the Certified ISO27001 Lead auditor training. “The training has given me more knowledge about what an ISO auditor is looking for and how I can safeguard this within the policy documents and procedures that I draw up in collaboration with the organisation.” But the most important thing, according to Rob, is to work with the customer to define the standard and associated controls that suit the organization, can be implemented practically and efficiently, and lead to both internal and external satisfaction.

Pentesting at Cyber4Z

At Cyber4Z we also do so-called penetration tests (also called pentests). These tests help companies find vulnerabilities on their systems. One of our testers is Raf Martino, who specializes as a cybersecurity architect. About 3 to 4 times a month he does a pentest for a company together with his colleague Martijn Claes. Raf is happy to tell us more about it.

What does pentesting involve?

“During a pentest, we look at the security of a system in different ways. This can be a test of an internal network, where we also test all devices such as laptops and printers. We also have web applications that we test. Sometimes this happens externally, sometimes we only get the name of the company and have to see what we can find. Sometimes we only look at a specific web application and how we can get into it.”

A pentest is carried out about 4 times a month. Is this a lot?

“Yes, at the moment it is a lot. Each pentest takes at least 2 days. For a pentest for a web application we need two days. But for a test on location we need three days and then we also prepare a report. We also prepare our pentests well through discussions with the technical staff and with the company. This way we know what they are afraid of and which vulnerabilities we should look at.”

What do you do pentests on?

“On internal networks we mainly do pentests on Windows domains. The typical approach for this is that we will look for employee passwords and for misconfigurations of that Windows domain. If there are vulnerabilities or misconfigurations in it, we can usually get to the point where we can retrieve the login details of an administrator. As an example: we recently had a pentest on such an internal network and then we were able to take over the entire system within half a day.”

What about the security of the companies being tested?

“It varies a lot from company to company. This year we already had customers who had everything in order with strong passwords and a good awareness campaign. It varies and that makes it fun and challenging. We do see that companies have made significant improvements in cybersecurity in a second test. Of course, at Cyber4Z, we also regularly check how our own cybersecurity is doing. A while back we did an internal phishing test. And we ask our own employees to report vulnerabilities in our domain, so that they can be improved.”

Interested in a penetration test for your company? Please contact us at 4z4u@cyber4z.com.

Cyber4Z welcomes our new colleague: Rob van den Heuvel!

Cyber4Z is pleased to introduce a new colleague: Rob van den Heuvel! He will start as a Security Consultant with our team on the 1st of November and will focus on, among other things, the implementation of various standards and frameworks.

Rob introduces himself: "Over the past four years I have gained experience at BDO as an IT auditor. Here I have carried out a large number of assignments for various clients in various industries, including ISO27001 internal audits, ISAE 3402 Type II, SOC 2 & 3 and security-related consultancy assignments. At Cyber4z I want to develop myself further and work together with the customer to bring about change and achieve results."

Cyber4Z and Cyber4Z Solutions welcome our new colleague: Jeffrey Dierckx!

"Actually, I'm already part of the furniture" shouted Jeffrey Dierckx when he announced that he was going to work at Cyber4Z Solutions. That's right, because after 2 successful internships, Jeffrey will start on September 1 as a developer for our beautiful product Neo4Z

Jeffrey introduces himself: My name is Jeffrey Dierckx. I recently completed the Application and Media Developer training and during this training I ended up at Cyber4Z as an intern. Now I look forward to continuing to work in the solution development team at Cyber4Z! Here he will focus on the development of Neo4Z and future products!

First national Dutch advertisement for Neo4Z is a fact!

Great news: Neo4Z can be found on the front page of a supplement of the Financieel Dagblad about Business, IT Security and e-Health! Neo4Z is doing well and gaining more and more brand awareness. In addition, the developers at Cyber4Z Solutions ensure that there are great updates every week and they are happy to be in contact with the customer to ensure that everything is to your liking!

The entire issue can be found here. Interested in Neo4Z? Click here to go to the Neo4z website!

Cyber4Z Solutions is included in the Cloud Security Alliance!

Neo4Z, the product being developed by Cyber4Z Solutions, has been officially included in the international Cloud Security Alliance (CSA) since July 2021! The CSA is the well-known program that contributes to security assurance in the cloud. Cyber4Z and Cyber4Z Solutions are proud that our new product has been accepted by CSA.

Neo4Z offers SaaS solutions for asset registration, application management and datasets, and has its own ticketing system. Built for small and large businesses, Neo4Z has monthly feature updates and standard integrations with other security products. Neo4Z is built with security in mind and built by security experts.

The registration can be found here, together with the performed assessment with an explanation of how more than 300 controls have been implemented.

Rob Mellegers attended the webinar of Centric!

Centric recently released a webinar in which Rob Mellegers, one of the founders of Cyber4Z, could talk about his work as CISO at the municipality of Heerlen! All our colleagues are happy to talk about their work and experiences, so we are proud that Rob was able to tell his story at Centric.

In his position, he has to deal with, among other things, the use of secure passwords and solutions for this. One of the tools that is used is MindYourPass, a partner of Cyber4Z which has developed a revolutionary way to handle passwords in a safe way.

The Dutch webinar can be found here. Have fun!

Cyber4Z welcomes a new colleague: Andra-Elena Albisoru!

On the 1st of May, Andra-Elena Albisoru is joining Cyber4Z, helping to bridge law & privacy with security at our clients. Welcome Andra to our group! She introduces herself below.

After moving in 2017 from Romania to the Netherlands in order to pursue my dream and obtain a law degree, I have completed my bachelor's degree in European Law at Maastricht University. Further on, I decided to also pursue a master's degree in Corporate and Commercial Law at Maastricht University.

As a result of these 2 degrees, I am now trained in Privacy and Data Protection. In order to familiarize myself with the technological world as well, in 2020 I have also completed an internship at a web-developing company, where I was tasked with creating cookie-wall content, privacy policies, and IT strategic plans. I am excited to become part of the Cyber4Z community, and curious to see what the future has in store for me.

Cyber4Z welcomes a new colleague: Rick van Leeuwen!

On April 1, Rick van Leeuwen will start as a security consultant at Cyber4Z. Rick will use his technical background to help our customers improve their security. Welcome Rick, and great that you are joining us! Rick introduces himself below:

My name is Rick van Leeuwen and I have a background in ethical hacking and security consulting. After my study software engineering & cyber security, I worked for five years as a security consultant and ethical hacker. I look forward to working at Cyber4Z with technical assignments and to support customers with their security issues.

In my spare time I love to play with my hobby servers and design and build all kinds of useful but certainly also less useful objects with my 3D printers. I am also a member of scouting, which is a great outlet after a week at the (home) office.

Cyber4Z and FERM are going to work together!

FERM helps companies around the port of Rotterdam to become more digitally resilient. Cyber4Z is happy to announce that we are allowed to work with FERM. Cyber4Z will help set up and manage a communication platform for participants and will assist in obtaining threat information from various sources.

Together we are strong!

Cyber4Z is happy to celebrate its fifth anniversary!

Cyber4Z was founded in 2015 by Rob Mellegers and Mathé Grippeling. Matthijs Nelissen also joined as co-owner two years ago. In the meantime, we have managed to achieve great things! Here is an overview of the last five years.

We have grown considerably in five years and have been able to achieve this with our own resources. We are also active internationally, where we have been able to create a number of successful partnerships that have proved successful for all parties. And that is important, because in these turbulent times we need each other more than usual and it is important that we not only keep success within ourselves, but share it with our strategic partners. We have successfully completed a large number of certifications and not only ISO27001, but also TISAX and BIO installations. For example, we helped the first municipal organization provide the first official statement that they comply with the BIO in design and existence. We have also embarked on a new adventure by diving into the development of an IT Service Management solution that really distinguishes itself from other products because security is embedded in the solution. Big names such as SSH and KPN have linked their products to the solution, because they also consider it important to have security of paramount importance.

We are happy with these developments, but remain focused on the requirements and wishes of our customers. For this we need continuous input and we strengthen our team with 'continuous learning' so that we can continue to provide our customers with sound advice based on knowledge and skills. We look forward with confidence to the next five years with new challenges, developments, small and large successes and, above all, a close-knit and strong team that is passionate about their profession and, above all, works with dedication and pleasure on their assignments.

Cyber4Z is pleased to announce our new colleague: Yu-Mei Liebregt!

Cyber4z is again delighted to introduce a new colleague. Yu-Mei came into contact with cybersecurity during her studies and started her career at Cyber4Z. We would like to welcome her to the team! She introduces herself below.

My name is Yu-Mei Liebregt. I recently graduated from Integrale Veiligheidskunde. During my study I learned more about cybersecurity and cybercrime. In Utrecht I followed the minor Privacy and Information Security, which increased my interest in cybersecurity. For my thesis I made a business continuity plan, after which I came into contact with Cyber4Z. Cyber4Z offers a nice combination between the policy / ISO part and the technical side, which interests me enormously. I am really looking forward to getting started and learning a lot!

Cyber4Z is pleased to announce our new colleague: Don Mulders!

Cyber4z is once again delighted to introduce a new colleague. Don has experience as a software engineer, pentester and security analyst and will use this great skillset for our customers. Welcome to the team! He introduces himself below.

My name is Don Mulders and I have a background in IT and IT Security. Specifically, I have a bachelor's degree in Game Technology, after which I obtained a master's degree in Information Security Technology. In addition, I have many years of experience in various programming languages. I like to think out-of-the-box and bridge the gap between technology and people. Cyber4Z offers me a wide range of opportunities, both to use my technical background and to further develop myself in the policy side of information security. In my spare time I play all kinds of games; drill games, Pathfinder, and also online games.

Cyber4Z is working together with the Dutch Cyber Weerbaarheids Center on the development of a threat intelligence platform

Cyber4Z is a partner of the Dutch Cyber Weerbaarheids Center Brainport (CWB). Cyber4Z has set up a Malware Information Sharing Platform (MISP) together with the CWB. Through this platform, the participants of the CWB, mostly companies in the high-tech and manufacturing industry, receive so-called events from the National Cyber Security Center. This actively informs participants about possible vulnerabilities and threats. Participants submit their IP addresses and a list of used hardware and software to the NCSC and these participants now receive current and relevant information. This news has now been picked up by various media. Cyber4Z is proud that they have been able to set up this service for the CWB and the many participants!

Click here to visit the website of the CWB and click here to read the article of Computable.

Cyber4Z is pleased to announce our new colleague: Martijn Claes!

Cyber4Z is pleased to introduce a new colleague: Martijn Claes will start at the end of August and will focus on the technical aspects within cyber security and penetration testing. Welcome to the team, Martijn! Below he introduces himself.

While obtaining my Master of Electronics and ICT engineering I discovered the cybersecurity domain. I've been working in IT for 5 years with a specialization in security - more specifically infrastructure security. Coming from a pentesting background, I've successfully managed and conducted security penetration tests and provided clear advice and support to clients on how to apply fixes. My biggest satisfaction is helping organizations to find the weaknesses which make them vulnerable and offer the best recommendations on how to fix them.

Cyber4Z welcomes our new colleague Brandon!

Cyber4Z is pleased to announce that as of July 1, our new colleague Brandon will be part of our team! He will focus on software development. Below he introduces himself.

My name is Brandon Kleijnen and I completed my HBO ICT studies last year with a specialization in Software Development. During my HBO studies I worked for a number of years at a computer service provider. I am at the start of my career and want to gain as much knowledge as possible. Working for clients and on solutions is important to me and I would like to contribute this at Cyber4Z. The moment I help people with their issues and answer them successfully, are the moments when I am really happy.

Interview with Arissa d'Fonseca - Security Consultant at Cyber4Z

Arissa has been working at Cyber4Z since 1 October 2019, combining learning and working. We were curious about her experiences and tips as a starting security consultant.

What do you do at Cyber4Z?

I am currently employed at a large customer as a Risk Manager, where I mainly deal with managing the risk register. I have monthly meetings with multiple Risk Managers to discuss progress and I report on this. In addition, I do application intakes where we gain more insight in the risks when using these applications and which information is on which system.

Then you speak to a lot of people!

Yes, I am amazed at how many colleagues there are and how many different people are employed. I think that is very important and I feel better with the atmosphere of a large company.

What do you enjoy the most about your job?

I really enjoy working with colleagues and people. I am good at leveling with everyone, so the conversation is always pleasant.

Is there anything about working as a consultant that you expected in advance but turns out to be very different?

It may sound very strange but when I am honest, I expected that in the first year I would get less confidence, but I actually get a lot of freedom and trust to be able to do my work and that helps enormously.

What is your best tip for people who study now for work later?

I would say complete your first year, get your foundation degree and start applying for jobs. When you start your study, it is very important to gain experience in the field. Learn about the field, because school is a completely different area.

Do you have any tips for universities on how they offer classes?

The fact that a study program should initially focus on the field of work. For example, I see 5 courses that all revolve around the same thing, but just a different description. I would go more into specific topics and the different aspects and possibilities. The current courses are too generic. We train too many globalists. If you do something with the work field, you immediately have more aspects of it.

Article: what is ransomware and how does it work?

What is ransomware?

Ransomware, also known as hostage software, is a type of malware that encrypts data, and sometimes whole systems or an entire network, after which the victim has to pay money to regain access. This is usually done by criminal organizations to make money. Ransomware has grown considerably in popularity among malicious parties in recent years. For example, the number of ransomware attacks registered with leading insurance company Chubb has risen on average by 12% a year in recent years compared to the previous year, with the number of attacks in 2019 increasing by as much as 18%. One of the best-known ransomware strains is WannaCry, which affected various organizations internationally.

Methods

There are several ways in which ransomware can infect a computer or network. The most common way is through spam: emails sent to trick the recipient into clicking a link or opening a file. Another way is by visiting infected websites, where visitors automatically download malware. These can be websites that are specially designed to distribute ransomware, but also websites that have themselves been infected without their owners knowing.

Recommendation

When your organization is dealing with ransomware, it is always recommended that you do not pay any money to unlock your files, systems and networks. The reason for this is that the malicious person will come back to you more often and moreover this person cannot be trusted, so there is no guarantee that your files will be released. Cyber4Z supports you and your organization in helping to prevent ransomware attacks. We use proven technologies and organizational measures to better prepare your organization for possible ransomware attacks. Feel free to contact us for more information, we are happy to assist you!

Cyber4Z and Cyber4Z-GCC successful in the Gulf region during the Cyber Security Conference in Kuwait City

Cyber4Z-GCC had a successful presence during the 2nd Cyber Security Conference in Kuwait City. Prof. Dr. Safaa Zaman, Full professor of the University of Kuwait and General Manager of Cyber4Z-GCC organised this second event with support of his Highness, the Prime Minister Sheikh Jaber Almubarak Alhamad Alsabah. Rob Mellegers was invited to present about risks from open sources. He had assessed 4 companies in Kuwait from open sources without performing a scan or penetration test. The results were presented and discussed afterwards. Thanks to the solution of Cyber4Z partner SecurityScoreCard, we were able to find many interesting results. The solution is used for Third Party Management. Some Dutch based products were presented as well, like the Ubikey, an invention from NXP to handle authentication without passwords.

Cyber4Z will support the Cyber Resilience Center Brainport by performing security health checks for a part of the joined organizations

Cyber Resilience Center Brainport is the first Cyber Resilience Center in the Netherlands to help companies within the knowledge-intensive industry with resilience against digital espionage and sabotage. This makes the high-tech region the leader in the Netherlands that, in addition to the vital sectors as designated by the Dutch government (such as health care, energy, harbor, etc.), is making serious work of cyber resilience.

For more information about CWC Brainport, visit LinkedIn or the website of Brainport.

Cyber4z welcomes new colleague: Arissa!

Cyber4Z is pleased to announce a new colleague to our team as of the 1st of October. She will introduce herself below. Welcome Arissa and lots of success and fun!

My name is Arissa D’Fonseca and I am currently in the 3rd year of HBO ICT and I specialize in Cyber Security. I am very curious about the field of the Cyber Security industry. Cyber4Z gives me the opportunity to combine studying, working and gaining experience. There is a lot that I want to learn and I expect to gradually expand my knowledge and expertise and ultimately apply this carefully to Cyber4Z and its customers.

Cyber4z positively assessed on ISO 27001 and 9001 surveillance audit

Cyber4Z has been certified against ISO27001 and ISO9001 for a number of years now. Certification is a way to formally prove that we handle confidential information responsibly, since we have set up an information security management system in a structured manner. In the first three years we are tested annually by means of a surveillance audit. If there have been changes in the management system, it will be independently assessed whether we have organized these changes in a responsible manner. Because we help our customers with various certification processes, we believe that we ourselves must also comply with the security guidelines from both ISO standards. That is why we are pleased that DEKRA has acknowledged again that we can continue to maintain our certificate. Compliments for the entire team who took responsibility for the activities in a continuous improvement process and that we are able to manage our management system and the associated measures, and thus managing the risks adequately!

Strategic partnership between Foreach-IT & Cyber4Z

Cyber4Z is very pleased to announce that Foreach-IT and Cyber4Z have signed a contract for a strategic partnership. We will be able to deliver security software in addition to consultancy. The focus of this software is on risk and compliance, in particular technical compliance in accordance with the BIO (Baseline Information Security for the Government), which is derived from ISO 27001:2017 and ISO 27002:2017. In addition, access mechanisms are incorporated into the software, in partnership with SSH, so that administrators have controlled access to the systems they manage, based on the keywords manageability, controllability and irrefutability.

Nice collaboration between Brunel and Cyber4Z!

Brunel organizes the exclusive 'Meet & Inspire event: Ethical Hacking' on Thursday 6 June 19 at Van der Valk Hotel Brussels Airport for cyber security and information security professionals. From Cyber4Z, Rob Mellegers and Raf Martino will share their expertise with ethical hacking that evening. Do you want to attend this event? Register now via EventsBE@brunel.net. Be quick, because the places are limited.

Frank van Hooft, our new colleague in the role of Senior Security Consultant

My name is Frank van Hooft, on March 1st I will join Cyber4Z as Senior Security Consultant. With a background in process and project management, I started with information security twelve years ago. The width and depth of information security has grabbed me. The multitude of topics such as risks and mitigating measures, the difficult communication between "the business" and "IT" are some examples of the world in which I feel at home. I get my energy by supporting "business" in this.

I live in Almkerk, together with my wife and son of 22. My hobbies are music, reading, exploring Scotland and going out on my motorbike.

Cyber4Z is wishing you a successful 2019!