Vincent Thiele

It’s time to take action and take your cybersecurity posture seriously. Protecting your organisation from cyber risks requires a multi-layered approach. A key layer? Cyber Threat Intelligence. That’s where Q-Feeds comes in: delivering real-time intel, updated every 20 minutes, to keep you ahead of threats and strengthen your defences. #CyberSecurity #ThreatIntelligence #QFeeds

5

In today’s evolving threat landscape, relying on static defenses isn’t enough. Organizations need continuous, proactive, and measurable security validation to stay ahead of attackers. 💡 That’s where Breach and Attack Simulation (BAS) comes in! BAS empowers organizations of all sizes to: ✔️ Validate security controls against real-world threats. ✔️ Measure the effectiveness of defenses in real time. ✔️ Identify gaps and optimize security posture effortlessly. Whether you're managing security for a small business or a global enterprise, BAS offers comprehensive insights to enhance your defenses and reduce risks. 📊 Curious about how BAS can transform your cybersecurity strategy? Let’s talk! https://lnkd.in/dG44dAyw 💬 Drop a comment, send a message, or Contact Us to explore how BAS can safeguard your organization against modern threats. #meteonic #devsecops #Cybersecurity #BreachAndAttackSimulation #BAS #ThreatManagement #ContinuousValidation

7

Having kids in primary school myself, these institutions must do better when it comes to cybersecurity and privacy. Here is an interesting article that delves into what it means not to exercise due care.

1

Recent cyberattacks in the Netherlands have once again highlighted a critical truth: "Digital resilience is essential to prevent damage. Entrepreneurs are well advised to take their cyber risks seriously and implement preventive measures, as cybercrime has become one of the biggest business risks." Despite this, smaller companies often overestimate their cybersecurity readiness, with many lacking advanced measures like proactive monitoring or staff training. The government has responded with support like the "Mijn Cyberweerbare Zaak" subsidy, which reimburses half the costs (up to €1,250) for cybersecurity investments. As the article stresses, "Cybersecurity is not a one-time investment, but an ongoing responsibility. Acting now prevents much greater damage later." Equally important, more companies are choosing to manage residual risks by securing a cyber insurance policy. Protecting your organization is no longer optional. Cyber insurance can be a vital part of a comprehensive strategy to safeguard business continuity and financial stability in the face of growing cyber threats. https://lnkd.in/ezN623NN #CyberInsurance #Cybersecurity #RiskManagement #DigitalResilience

1

Cybersecurity and GRC leaders need to focus on the fundamentals of the organization's cybersecurity ecosystem, not on compliance spreadsheets. If the fundamentals are done right, the green checks on the compliance spreadsheet will follow automatically... #Cyfora #NIS2 #CyFun #ISO27001 #DORA

22

Dutch intelligence agency, Algemene Inlichtingen- en Veiligheidsdienst - AIVD, recommends considering privacy technology for data sharing: "The use of #PETs can enhance digital security in collaborative data processing. The AIVD therefore recommends considering using PETs when exchanging data with another party." (translated) "With this publication, the AIVD aims to contribute to strengthening the digital resilience and resilience of the Dutch government, vital sectors, high-tech top sectors, and knowledge institutions." For questions on Roseman Labs' PET solution, please reach out. https://lnkd.in/eb7rbksp

34

2 Comments

Beyond operations, PIAM provides measurable gains in governance and compliance: ✅ Audit readiness improves with clear, time-stamped records of who has access, who approved it, and why. ✅ Least privilege enforcement becomes practical, not just aspirational, when roles and access are aligned through automation. ✅ Change management is streamlined. As departments reorganize or buildings evolve, delegated stakeholders can update access configurations in real time without waiting on IT. If your organization is subject to regulatory frameworks or physical security mandates, PIAM can support both the technical controls and the evidence trail required for compliance. Learn more about this here: https://lnkd.in/eqA8ZFb4

24

Over the past few months our team cooperated closely with NCC-NL to develop a subsidy grant, worth EUR 2,5 mln, aimed at bringing together Dutch and Ukranian cybersecurity businesses. Focus areas are 1. SOC-as-a-Service 2. Cloud Security 3. Identity & Access Management (email security) 4. Digital Forensics & Incident Response. The grant is now open for applications. The framework will allow businesses to deepen their understanding of the persistent and complex cyberthreats that Ukraine is faced with on a day to day basis, ultimately contributing to digital resilience in both countries. Thank you to all colleagues in both 🇳🇱 and 🇺🇦 who made this happen! Jurriën Norder Verena de Lange Ilja Hilhorst Anton Demokhin Embassy of the Kingdom of the Netherlands in Ukraine Embassy of Ukraine in the Kingdom of the Netherlands Ministerie van Buitenlandse Zaken Ernst Noorman

32

2 Comments

Our 2026 Cyber Trend Report is out — and I'm genuinely proud of what the team has put together. This is not a generic threat overview. Built on 54,000+ security investigations, it cuts through the noise and gets to what actually matters. One thing that stands out to me: the analysis of state actors goes well beyond simple attribution. The report shows how the lines between state actors, cybercriminals, and hacktivists are increasingly blurring — they share tools, impersonate each other, and mix motives. That complexity makes defence harder, and understanding it is essential. Other highlights worth your attention: identity-centric attacks are accelerating, technical debt is being actively exploited, and the cybersecurity market itself is quietly part of the problem. Huge thanks to the entire team for the depth and quality of this work. Well done. 

18

This is to be expected, as the evolving nature of cybercrime tools and the evolution of criminal groups. The approach to cyber and information security is very much reactive and supported by individuals who are just trained to carry out cybersecurity, whether in government or supporting organisations. Additionally, cybersecurity programs are not sustainable after 2 to 3 years. A regional holistic approach is needed. Let us work together in achieving this. CariSec Global Inc. #SecurityLeadership #Cybersecurity #RegionalCyberResilience #CaribbeanCyberResilience #CyberResilience #CyberAdvisory #CyberRiskManagement #CyberRisks #RansomwareAttacks #Cybercrime #Cybercriminals #InformationSecurityProgram

3

1 Comment

✴️ Exactly one week ago I attended KPN NLSecure[ID], KPN’s leading event for the Dutch security community. I hosted a session about a challenge many of us face: how to navigate regulatory challenges while keeping up with new threats, emerging technologies and and keeping the security of our organisation strong.   We showed how NN Group's approach on automating controls can help. It reduces manual work for DevOps teams, information security officers and risk managers. It also makes the work more consistent and efficient while having a good visibility on IT controls and security. The key idea is: automate the proof, not the promise. Leverage data and build controls that can be checked automatically. Thank you to KPN and specifically Chantal Vergouw and Vladimir Cibic for hosting, great keynote speakers and to the community for great conversations. Let’s keep learning from each other and strengthen our security and resilience.   📣 Special kudos’ for the Angry Nerds Podcast for interesting conversations with all speakers and attendees!   #NNGroup #NLSecureID #CyberSecurity #Compliance #DORA #Automation #DevOps #DevSecOps #ITControls 

130

2 Comments

Released this week, this cybersecurity advisory from the Dutch intelligence and security services provides an interesting insight into phishing attacks against Signal and WhatsApp users. Useful to avoid falling for these attacks. https://lnkd.in/e2_xdTVJ

13

You are currently evaluating or defining your cyber security strategy? (e.g. in the NIS context) Perhaps this paper from the Dutch Government may help focussing on the five basic principles of digital resilience and referencing the NIS and ISO 27001/2 links. https://lnkd.in/dKwENhc8

2

🔐 2025 Annual Ransomware Report - The Netherlands The 2025 Annual Ransomware Report has been published by the Nationaal Cyber Security Centrum (NCSC-NL), the Politie Nederland, the Netherlands Public Prosecution Office (Openbaar Ministerie) and Cyber Secure NL (Cyberveilig Nederland) - the association of Dutch cybersecurity companies - by means of participating incident response firms, including DEFION Security. In 2025 DEFION's Digital Forensics and Incident Response Team handled 15 ransomware specific cases. The NL report’s findings closely reflect what we observe in our global incident response practice: identity compromise is a primary entry vector and the business impact remains significant. For many organisations, ransomware is not just a theoretical cyber risk, but a real business continuity challenge. Key findings of the NL annual report are: ➡️ 65 ransomware incidents reported to police ➡️ 39 unique ransomware families observed ➡️ 55% of attacks started with account compromise ➡️ 42.5% involved double extortion ➡️ 43% of organisations experienced downtime exceeding 3 days ➡️ 15% required a week or more to recover 📄 Read the full report in Dutch 🇳🇱 here: https://lnkd.in/dUAxPi82 Other contributing incident response companies include DataExpert, Deloitte, Eye Security, Fox-IT, NFIR B.V., Northwave Cyber Security, Tesorion, Kennedy Van der Laan and PwC. #Ransomware #PublicPrivateCollaboration #CyberResilience #IncidentResponse #BusinessContinuity #DEFION

30

New Cybersecurity Bills Submitted to House of Representatives The bills for the Cybersecurity Act (Cybersecuritywet, or Cbw in Dutch) and the Critical Entity Resilience Act (Wet weerbaarheid kritieke entiteiten) have been submitted to the House of Representatives. These laws transpose the European NIS2 and CER directives into national legislation. The aim is to strengthen the resilience of EU member states against threats. Full article: https://lnkd.in/eC64Dimn

2

**Cybersecurity Insight - Week 26** This week, several significant cybersecurity threats and vulnerabilities have emerged across the region. 🔹 In the Netherlands, the NCSC issued a warning regarding new phishing campaigns targeting governmental and municipal email accounts, exploiting recent Microsoft Exchange vulnerabilities (CVE-2024-38023). The attacks aim to gain unauthorized access and sensitive information. 🔹 In Germany and Belgium, authorities reported increased activity from the APT group "Cobalt Strike," leveraging zero-day exploits in widely used VPN solutions. These attacks focus on critical infrastructure providers, with successful intrusions potentially leading to ransomware deployment. 🔹 Across Europe, researchers have observed the spread of a new ransomware variant dubbed "DarkGate," which is propagated through spear-phishing emails and malicious attachments. Notably, this malware is capable of bypassing several common endpoint protections. We encourage all organizations to stay alert, apply the latest security patches, and educate employees about ongoing phishing threats. If you have any questions on how to better safeguard your digital environment, or if you would like tailored advice or support, please do not hesitate to get in touch. For more detailed updates on recent cyber threats and how to enhance your security posture, visit [www.cert2connect.com](https://lnkd.in/embrqpjD). Stay safe, stay informed.

5

🚨 URGENT ADVISORY: Dutch NCSC Issues Critical Vulnerability Warning The Dutch National Cyber Security Centre (NCSC) has just issued a critical advisory (NCSC-2025-0268) regarding a severe vulnerability that requires immediate attention from organizations in the Netherlands and across the Benelux. This is more than just another patch alert; it's a stark reminder of the dangerous "patching gap"—the window of exposure between a vulnerability's disclosure and when a patch is successfully deployed. A reactive "patch-and-pray" strategy is a gamble you can't afford to take, especially when the warning comes directly from a national authority. At Trescudo, we believe a proactive, resilient defense is the only sustainable strategy. This means: ➤ Continuous Vulnerability Management: To identify, prioritize, and shield against critical vulnerabilities before they can be exploited. ➤ Robust Endpoint Security (XDR): To detect any anomalous behavior that could indicate an attacker is attempting to exploit an unpatched system. ➤ A Tested Incident Response Plan: To ensure you can act swiftly and effectively when an alert like this is issued. The advisory from the NCSC is a clear signal. The time to act is now. Read the full advisory here: https://lnkd.in/d4ykbQUQ Is your organization prepared to move from a reactive cycle to a proactive state of resilience? Let's have a conversation. Schedule your Cyber Resilience Strategy Session today: https://lnkd.in/drZ57-2b #Cybersecurity #NCSC #Vulnerability #PatchManagement #InfoSec #Benelux #Nederland #CyberResilience

6

2 Comments