Author Archive

Cyber Security: 5 basic lessons for everyone

Fred Streefland, IT-Security Manager at LeaseWeb and Dave Maasland, CEO Eset Netherlands.Cyber Security

A version of this article originally appeared on Computable.

Recently we’ve had the opportunity (a quite fun and interesting opportunity), to visit a number of Information Security and Cyber Security congresses. During these congresses we were flooded with relatively ‘new’ developments such as Next-Generation, IoT (Internet of Things), IoT DDoS, Security Intelligence Platform, et cetera. The fact that some these terms have become ‘hype’ is not in itself a problem, but we did begin to wonder whether the security world may be looking at things in the wrong way and thereby missing the demands that need to be addressed.

In this article we will suggest a new way of looking at cybersecurity that stops viewing it as a goal in itself and instead as something that is directly connected to business needs. As it stands now, it seems that too many security-organizations are missing the mark.

Security can be quite complex, but its essence is quite simple. Security is nothing more than reducing or taking away risks, and making them visible so that the business can accept them and continue doing its work – nothing more, nothing less. To do this as effectively and efficiently as possible, we, as security-people, have to understand the business and not see it solely from an IT-Perspective but form the broader perspective of the business itself.

When starting from the business, we first have to identify, map, and categorize the risks for the specific business. Second, we have to determine, together with the business itself, which risks need to be dealt with in which order. When that’s done, the person responsible for security within the company has to set-up a security-plan that depicts how these changes are executed. When doing so, there should always be clear goals and deadlines. Ideally, this should be done in a ‘smart’ way, one step at a time, so as to not engage in too many projects at once.

Lesson 1: Start with the business (and its risks)

Read the rest of this entry »

Security precaution: update your passwords

secureThe only way to stay safe on the internet is by helping each other minimize security risks. So as a precaution, I want to make you aware of a situation that could possibly affect you.

There are currently several databases available on the internet containing personal data such as e-mail addresses, user names and associated passwords. Lately, our security teams have noticed an increase in attacks attempted by unauthorized parties using this data.

In order to protect yourself, we recommend everyone to take the following actions if you haven’t done so already:

Read the rest of this entry »

Security: it’s all about managing risk!

EnterPrise_01_ComplianceOrganizations are increasingly dependent on their digital infrastructure. At the same time, these organizations seem to be more vulnerable than ever as cyber criminals’ techniques become more and more sophisticated. So how can you handle this situation? In other words: how do you become a secure online organization?

This was one of the topics discussed by Dell and LeaseWeb customers during a roundtable discussion about security. IT security specialist and journalist Brenno de Winter provided interesting insights in his introduction: “If your company wants to be a secure organization, you have to manage risks. There are four options when dealing with risks: accepting them, reducing them through security measures, avoiding risks by ceasing certain activities, or to partially outsource risk management to a third party. There are also affordable insurance policies against hacks available which are worth considering. But no matter what you do, make sure you have a risk management strategy in place, supported by tools that identity the security risks of your organization.”

Read the rest of this entry »

Outsourcing your IT security: yes or no?

CloudSec_comp“Should we keep IT security in-house or is it better to outsource?” This has long been a thorny issue for organizations. Recently, it was one of the most important topics during a LeaseWeb Security Round Table with customers and I’d like to share some of the things I learned.

The discussion immediately took off following a statement from one of the participants, an end user: “In the Netherlands, the mantra is to focus on your core business. I dare to differ. I always learned that when operations are critical to your organization, you should keep them close. If security is critical to your company, why outsource it? If you outsource, you disconnect it from your company. What do you think about this?”

Read the rest of this entry »

Are you compliant with the new Dutch Law on Data Breach Notifications?

EnterPrise_01_ComplianceOn January 1, 2016, the new Dutch Law on Data Breach Notifications came into effect. Organizations – both companies and government agencies – are now required to immediately report any serious data breach to the Dutch Data Protection Authority (Authoriteit Persoonsgegevens). And, if it is likely that the data breach will have an adverse effect on the privacy of those involved, those people have to be informed as well.

A data breach is defined as the act of accessing, deleting, modifying or releasing personal data, committed unintentionally by the organization. Not only releasing (e.g. leaking) personal data, but also the illegal processing of data, will be seen as a data breach. Examples of data breaches are a lost USB stick containing personal data, a stolen smartphone or malicious access to a database by a hacker.

Read the rest of this entry »

Stay safe: how to install the patch for Linux bug CVE-2016-0728

200px-Tux.svgA security bug affecting Linux versions 3.8 and higher was recently identified. Although this bug (CVE-2016-0728) was first introduced into the Linux Kernel in 2012, it was only discovered and made public a few days ago. When we learned of the bug’s existence, we immediately patched all internal LeaseWeb servers. We advise everyone to patch their servers as well.

The vulnerability in the Linux kernel could potentially be used by attackers in order to obtain higher privileges from a regular account. It uses a technique called “use-after-free” to control the way memory is freed on kernel objects which is then replaced with user supplied data, while keeping the privileges of that memory object.

Read the rest of this entry »

Roundtable recap: security starts and ends in the boardroom

CloudSec_compThe IT industry is slowly becoming a technically solid sector, but until now, it continues to be vulnerable as well. Security incidents are still widely reported in the press. It’s an important topic, and one there are many ways of looking at it. This is I why lead a round table session with nine LeaseWeb customers, where questions were answered about the new Dutch Law on Data Breach Notifications (Meldplicht Datalekken) and participants discussed how to organize a secure online company.

The participants were executives of companies which have IT as a core business, or companies that use IT for their online services. They were joined by LeaseWeb founders Laurens Rosenthal and Con Zwinkels, and Jort Kollerie, Enterprise Security Specialist at Dell Security. In addition, IT journalist and security specialist Brenno de Winter shared his experiences about the topic.
Read the rest of this entry »

LeaseWeb on Twitter

April 27th was King's Day in the Netherlands. It was a great opportunity to celebrate together with our customers

test Twitter Media - April 27th was King's Day in the Netherlands. It was a great opportunity to celebrate together with our customers https://t.co/WXZ73zehsB

Linux Engineer? Are you keen to work in a fast-moving environment with like-minded people? Let us know! We're hiring lnkd.in/gZ_7Ezd

test Twitter Media - Linux Engineer? Are you keen to work in a fast-moving environment with like-minded people? Let us know! We're hiring https://t.co/I4EHP3oSc2 https://t.co/pHuv5hxH1c

Read our CEO's reflections on the amazing growth that has made LeaseWeb the company it is today: blog.leaseweb.com/2017/04/26/loo… #LeaseWeb20

test Twitter Media - Read our CEO's reflections on the amazing growth that has made LeaseWeb the company it is today: https://t.co/vg5W5PUjRW #LeaseWeb20 https://t.co/jU0aayoqdk

"Mens sana in corpore sano" - Our team in training for last year's Viking Run #LeaseWeb20 #throwbackthursday

test Twitter Media - "Mens sana in corpore sano" - Our team in training for last year's Viking Run #LeaseWeb20 #throwbackthursday https://t.co/pCNEfXwmAa