In an era where every weakness is exploited for a cyber-attack, high-performing cyber incident response plans (CIRP) are a cornerstone of a sound cyber security strategy. With this in mind, a year ago, Joris Pinoy, Head of Cyber Threat Management at Euroclear, committed himself to the role of co-chair of the Cyber Incident Detection and Reponse (CIDR) focus group of the Cyber Security Coalition. “As the speed of attacks continues to increase, the ability to deal with acute emergencies is more important than ever.”
“We need to learn to reason more like a community”
“Within Euroclear, we of course pay a lot of attention to cyber security and have a clear framework that defines how we respond to incidents and attacks. However, not all organisations have those resources. That is why it is important to share the existing expertise and best practices around incident response as much as possible,” Joris Pinoy begins.
“Since I took over the leadership role in this focus group, together with my co-chair Jeremy Schmidt (who holds a similar position to mine at Proximus), we have put more emphasis on creating value for individual members and their organizations. For example, we organize tabletop exercises around common cyber scenarios for the members and share new challenges and tools that can help to defend against them. We also aim to become more present on social media, and actively visit schools to highlight our expertise and show its added value.”
Growing membership
The focus group’s growing membership, amongst other things, clearly demonstrates that this approach is paying off. “We see a great eagerness in the field, where the added value of the focus group is clearly felt. This reflects the continuous rise in cyber incidents, and the realisation of the need for adequate response. The speed of attacks continues to increase, making it more important than ever to be able to deal with acute emergencies.”
Through discussions on real-life situations and simulations, the focus group aims to facilitate extensive knowledge sharing. “Last year, for instance, we worked out a so-called tabletop scenario: a fictional, elaborated scenario starting from a ransomware attack, that we then presented to small groups. The participants could learn from each other how to react, then take this knowledge back to their own organisations to further optimise their own response plans,” Pinoy explains.
Critically, this kind of initiative only creates value if all participants are willing to share their own knowledge. “That is why (especially when recruiting new focus group members) we actively screen whether an individual aligns with the group’s purpose, both on a personal level and in terms of the organisation they represent.”
Strengthening the culture
Looking to the future, Joris Pinoy wants to continue down this road, and focus even more on the power of shared engagement. “I believe there is still a lot of untapped potential in Belgium in this area. While countries such as the Netherlands and the UK have had standard practices for a long time, here, generally, we are not yet used to sharing our best practices around cyber incidents. We need to continue building a culture of ongoing sharing, and to learn to reason more like a community. This means sharing information whenever possible, rather than always keeping the attention on the individual organisation.”
To remain at the forefront of this evolution, the focus group will soon welcome a third chair. “In consultation with the Cyber Security Coalition, we have chosen someone whose ambition and motivation are a good match, and who will help broadcast the added value of this focus group. Together, we aim to continue our growth, including towards sectors where we are less strongly represented today. However, personal contact and the opportunity for everyone to really get to know each other will remain the starting point,” Pinoy concludes.
Especially since the COVID pandemic, we have observed vulnerabilities in software systems being exploited much more rapidly, sometimes within hours of launch. Concrete tips and helplines for defusing such moments of crisis are a crucial added value.
