The digital resilience of the Netherlands is difficult to assess in one sentence, according to Holterman. "In recent years we have taken more and more measures to increase resilience. But at the same time you see that insecurity is also increasing. Just look at the geopolitical situation we are in. So when is digital resilience really in order?". Cyber threats have changed, though. "Cybercrime has been around for decades, but its character has changed. Whereas attacks used to often target individual users, cybercriminals are now increasingly targeting organizations because that is a much more lucrative business model." According to Holterman, many organizations do not yet have their basic digital security fully in place. "No, we are not yet at a point where we can sit back," he said.
Changing threat landscape
One important development is hybrid threats. "Cyber attacks, disinformation campaigns and geopolitical tensions are indeed coming together more and more. This is also due to developments such as AI. The fact that this is coming together means that organizations have to be much more forthcoming." According to Holterman, organizations see a new challenge emerging as a result: not only the security of systems, but also the integrity of information. "For a long time, cybersecurity was mainly about the availability and reliability of information. Nowadays, it is also increasingly about its integrity: is the information actually correct?" This means that organizations need to look more critically at data. Not only at how it is stored and protected, but also at its origin and reliability.
One of the biggest misconceptions Holterman encounters among executives is that cybersecurity is solely an IT issue. "Cybersecurity is an IT issue, which they have nothing to do with because they have either outsourced it to an outside vendor or they have good people on staff. But cybersecurity is also a business issue and that's where things often go wrong. Organizations that are digitally resilient, in any case ensure that they have thought about the whole palette of cybersecurity. So preventive measures as well as measures, when something does happen, to be up and running again quickly."
All puzzle pieces are needed for cooperation
Becoming cyber resilient is only possible by working well together. According to Holterman, digital security is impossible to achieve by one organization or sector alone. Cooperation between government, business and knowledge institutions is essential. "Nobody can solve the puzzle on their own. Everyone has a piece of the puzzle. So you do see in the area of cybersecurity that we are very inclined to work together, to increase that resilience, to share specific threat information with each other. It's generally going pretty well." Still, Liesbeth Holterman sees room for improvement. Especially in the area of direction and bringing together all that separate information, there is still room for improvement.
Societal digital resilience
Digital security is not only about organizations, but about society as a whole. Holterman therefore talks about societal digital resilience. This means that citizens, businesses and governments take joint responsibility for digital security. At the same time, she recognizes that this is complex because digital systems are highly intertwined. "Technology is so intertwined. It really is a big 'plate of spaghetti.' It's almost impractical to bear that responsibility on your own." Laws and regulations therefore play an important role. New legislation should help organizations take better responsibility while stimulating cooperation in the chain. But it's mainly about the triangle: people, organization and technology.
"Signs that Dutch organizations are under pressure from resilience? Well, you can see that, among other things, in the hacks, which have been making the news recently. We've had two - Odido and Clinical Diagnostics - that really had a lot of impact in terms of magnitude, because it affected so many citizens."
New technologies
Technological advances such as artificial intelligence are playing an increasing role in cybersecurity. "AI can help analyze large amounts of data and detect threats faster and thus increase our resilience. But the same technology can also be used by malicious actors. For example, AI makes it possible to create a very targeted phishing email at the touch of a button. This means we have to be very alert ."
People and talent
Another challenge, according to Holterman, lies in the area of talent. The high demand for cybersecurity specialists is growing rapidly, while there are huge shortages of the number of available professionals. "Digital knowledge is becoming increasingly important in almost all professions. Think also of mechanics, nurses or a driver. So even if you are not a cybersecurity expert, you need to understand how digitization works and what its impact can be. That's why training and organizations need to invest in digital skills for a wide range of professionals."
Listening to digital autonomy at eRIC
During eRIC, Liesbeth Holterman gives a presentation on digital autonomy: how cybersecurity can reduce our dependency. She shows what steps - and autonomous choices - organizations can already take to increase their digital resilience: from physical protection and risk diversification to strengthening human capital. eRIC brings together professionals from different security domains. From crisis management and cybersecurity to technology and public safety. And it is precisely this combination that she believes is so important.
Personal and shared mission
"What I like about this field is that so many people have the same intrinsic motivation: to make the world a little better and safer. I see this shared mission reflected in government, companies and scientists. I myself just brought children into this world. And the fact that I can and may contribute in my current and connecting role ensures that I go to work every day with a lot of energy," she concludes enthusiastically.
Want to know more? Visit the lecture "Digital autonomy: how cybersecurity can reduce our dependence" by Liesbeth Holterman during eRIC on April 22 at 15:45, lecture hall 1.