Leading cybersecurity expert Jen Easterly: "Only purchase software that is secure by design"
Keynote speaker Jen Easterly, former director of the US Cybersecurity and Infrastructure Security Agency (CISA - read our recent interview with her here), flew in from Washington with an urgent message: "Security builds trust. Trust builds business." Or in other words, cyber security determines your business continuity, customer trust and competitiveness. Do you have everything in order? Then it is your strategic asset.
Five strategic recommendations
With her five strategic recommendations, every Belgian company contributes to building a safer future.
1. Cybersecurity starts with leadership
"Those who are constantly putting out fires cannot innovate," Easterly said. That is why cybersecurity should be a top priority at board level. In her animated keynote, she referred to a CEO who actively coordinated during a cyber incident. "He himself communicated transparently with customers. That was in line with the company's predefined strategy. Leadership makes the difference."
2. Create a security culture from the bottom up
Cybersecurity is too often reduced to technology or annual training sessions. Easterly stressed that people are the first line of defence. Or they are just the biggest risk. Therefore, "Invest in a learning-focused, proactive culture, where employees receive ongoing training in basic security, such as multifactor autentication (MFA), updates and uncrackable passwords. Security should become second nature, like locking your door," she said.
3. Demand cybersecurity from your suppliers
According to Easterly, you have one key asset in demanding cybersecurity from your suppliers: your buying power. "Why do you accept technology that is vulnerable just as you are facing a storm?" she asked rhetorically: "Hold vendors accountable. Demand software that is secure by design. This is how we are moving towards secure by demand. Vote with your budget."
4. Focus on cyber resilience
Easterly emphasised the importance of resilience: the ability to recover and become stronger after an attack. Just as she co-designed a data system that saved lives as a US Marine in Baghdad in 2007, companies today need to build systems that respond quickly, absorb mistakes and learn from incidents. Resilience is the new benchmark for digital robustness.
5. Work together to build a stronger ecosystem
Finally, Easterly called for more collaboration. "The threats are too great and growing. Successful organisations are building active partnerships with governments, industry associations and international networks."
The latter advice was strongly endorsed by participants in the ensuing panel discussion. "We definitely need to reach out more to the private sector," said Catherine De Bolle, Executive Director at Europol. "We already share operational data with the financial sector and announced a renewed cooperation with Microsoft. When companies from other sectors also inform us about threats and attacks, we can work out even better solutions."
”Europe is big enough to stop being a digital colony”
"Empowering people, learn from mistakes and innovate," is how Inge Schildermans, Group Technology & Innovation Officer and SVP Energy Transition at Bekaert, summed up the challenges: "A secure corporate culture and policy are not just an IT matter. It is a responsibility for the entire company and the ecosystem around it. For example, ensure that third parties do not bring in vulnerabilities."
There is still work to be done in several areas. Also in Defence, as recognised by L.R. Major General Michel Van Strythem, Commander of the Belgian Cyber Command, Ministry of Defence: "We have to go back to the future. It is up to us to rebuild defence with the integration of the digital world and cybersecurity. That we are serious about this is demonstrated by the creation of Cyber Force as the fifth service in defence, with the accompanying emblem and inauguration by King Philip in early June."
Benoît Deper, CEO of Aerospacelab, garnered the most applause. Among other things, with his statement, "Europe is big enough to stop being a digital colony of China and the US." His confidence in these superpowers is low: "I am not 100% sure that China is not hacking our satellites. So far we didn't find any traces, but that doesn't say everything. We build pretty much everything in-house, but no one can feel completely safe. After all, who fathoms the full code of their suppliers?" His solution? More Europe: "We need to have our own tech lab in Europe and stop buying non-European software and products."
"Government personally wants to open doors"
Defence Minister Theo Francken highlighted in particular the opportunities for Belgian industry players: "Only if industry steps in and answers our call for cooperation can Defence be strengthened. Moreover, our ports, railways and infrastructure must be prepared to transport military equipment from our partner countries. This creates opportunities for all kinds of sectors. As a government, we are already removing obstacles and helping our companies export more. Be sure to take part in our upcoming trade missions. Or ask us personally to open doors for you."
After warm applause and accompanied by the beats of DJ pianist Tim Grant, the business leaders made their way to the walking dinner and networking at the Skyhall in Zaventem. For many, it undoubtedly became the start to better cyber resilience.
