Cyber Security Assessment 2023: expect the unexpected

The digital threat for the Netherlands remains as high as ever and changes continuously. State actors use cyberattacks to achieve their geopolitical goals. Cybercrime represents an attractive business model, that harms people and organisations as a consequence. New technologies also bring along new threats. In the Cyber Security Assessment Netherlands 2023, the National Coordinator for Counterterrorism and Security (NCTV) warns organisations to expect the unexpected and to adapt their security accordingly. The CSAN is a publication by the NCTV in cooperation with the National Cybersecurity Centre (NCSC).

Enlarge image CSBN 2023
The development of "Generative AI," a form of AI that can create new content from existing content based on prompts or questions that are entered by users, is rapidly advancing. Its impact on society is still unclear. This topic will also be addressed in this CSAN.

Expect the unexpected

"We see that cybercriminals are becoming smarter and smarter. This is to be expected, seeing that there is a lot of money to be made. The downside of this is, that it greatly damages organisations and society. It is therefore important that we increase our resilience, because the security of digital processes is and will remain linked to national security. More than ever, our country, every sector and every organisation is part of a digital ecosystem. A network of businesses, products, suppliers and applications that are digitally interconnected provides knowledge and economies of scale, but also leads to risks and vulnerabilities. Because of the close online interwovenness, everyone can experience the consequences of a cyber incident that at first glance seems unlikely. We cannot always prevent cyber incidents, but we can increase our resilience, reduce the impact and limit the damage. Reducing the imbalance between the digital threat and resilience therefore remains a major challenge. In short, expect the unexpected." Says Pieter-Jaap Aalbersberg, National Coordinator for Counterterrorism and Security.

Geopolitical hardening increases the risk

The geopolitical situation has continued to harden in the last year, with the most prominent example being the Russian war against Ukraine. State actors turn to cyberattacks as a means of pursuing their interests, resulting in possible chain effects. Chain effects occur when, for example, the power goes out as a result of a cyberattack, bringing education to a standstill or impeding patient care in a hospital. What stands out, is an increase in cyberattacks by hacktivists, where organisations are targeted for symbolic reasons, for example because the country in which they operate supports Ukraine. Socially disruptive cyber incidents have not yet occurred in the Netherlands or in other EU countries. However, that is no guarantee for the future.

Attractive criminal business model

Extortion remains an attractive business model for cyber criminals. This certainly applies to encrypting files and/or by threatening to publish obtained information. We also see that cybercriminals sometimes bundle and resell information. The professionalisation and commercialisation of criminal tools and services continues to increase, meaning that even technically less skilled criminals can easily carry out cyberattacks. The value of data and the scalability of cybercrime lead to criminals looking for vulnerabilities wherever they can find them. The interwovenness of our digital ecosystem makes almost every organisation a potential target - accidental or otherwise.

New (technological) threats

Technological advancements are creating new threats. One specific example is generative AI. Generative AI – like ChatGPT - makes it easier to develop malware and can for example make phishing emails appear more credible. With widespread use of these techniques, it is more and more difficult to establish the authenticity and authority of texts, images, videos and audio. However, increased use of this technology can also introduce opportunities. AI can be a tremendous help in detecting malware and things that deviate from the normal, allowing us to deter attacks faster and better.