'Disturbing' police hack should be wake-up call for every business
In the Cracked by Jordens series, we look at the cyber security of consumers and businesses in the Netherlands. Today we cover the recent police hack.
Published on October 4, 2024
Our DATA+ expert, Elcke Vels, explores AI, cyber security, and Dutch innovation. Her "What if..." column imagines bold scenarios beyond the norm.
A recent hack at the police department stole contact information for 65,000 police employees. This includes names, e-mail addresses, and phone numbers. According to intelligence and security agencies, it is very likely that a foreign state is behind the attack, although the country in question is not named. We spoke with expert Patrick Jordens about the incident. He is the director of Trusted Third Party (TT3P): a Dutch company specializing in cybersecurity.
As a cybersecurity expert, does a hack like this startle you?
“I am extremely shocked by this. While I hear a lot about hacks of various shapes and sizes, this is of a very different order. This is serious. Think of undercover agents and arrest teams; their identities must not be revealed. If it does, criminals can put pressure on the organization, which not only jeopardizes the safety of the officers themselves, but also ongoing investigations.”
The police invest heavily in cybersecurity, and employees receive training to increase their awareness. Yet it turns out that a single mistake can be enough to send sensitive information into the street. And to think that the average SME takes far fewer measures than the police.”
Although the definitive cause has not yet been determined, the police union suggested that it was a malware attack. How exactly does that work?
“Malware is an umbrella term for malicious software designed to cause damage to computer systems or gain unauthorized access to data. There are different types of malware, for example, aimed at data theft, but there are also forms that disrupt and render systems unusable. Often malware gets onto systems through a user action, such as an employee downloading an attachment or clicking on a link.”
What can companies and organizations learn from this police hack?
“This should get everyone thinking: how well am I actually protected myself? A big problem is that many companies, especially SMEs, cannot get their cybersecurity in order while the threat is increasing. There is also still a lack of willingness to take action. We really can't afford that anymore. And the idea that insurance is the solution is a fallacy. What good is insurance if the data of thousands of employees has been leaked? Preventive measures are essential. Hire an expert and think structurally about your cyber security.”