Conference Matters 144
DIGITAL TRANSFORMATION
In a sector where the time pressure is high, there is little room to think carefully about suspicious e-mails.” Molenaar explains that events have been targeted in the past, such as in 2024, when the data of millions of Ticketmaster users was stolen in a breach. “That shows that things can really go wrong in this industry as well.”

What should you do?

What can organisations do to better protect themselves? “Start with the basics. Make sure you know what you have and what it’s worth. Make sure your systems are up-to-date and that you have access to them properly and safely. Make regular backups. It sounds simple, but many organisations don’t have a backup routine,” Spruit explains clearly.

The National Cyber Security Centre (NCSC) and the Digital Trust Centre (DTC) have five basic principles that every organisation should follow: make an inventory of your business’ major components, segment your network, monitor your systems, practise with incidents and provide recovery options.

According to Molenaar, being aware of vulnerabilities is also crucial. “You should always assume that your network has already been breached. We call this ‘assume breach’. This way, you automatically start looking at your security differently.”

Growing legal pressure

Vital sectors such as water companies, energy companies and telecoms have been subject to additional legislation for some time. However, the scope is now expanding rapidly. The European Union’s new NIS2 Directive (Network and Information Security Directive 2) intends to improve the cybersecurity and resilience of essential services in EU Member States, subjecting municipalities and some commercial sectors to stricter cyber security requirements. “Many organisations have only just begun working on this. People are suddenly panicking because they have to set up everything.” Spruit thinks it’s a shame that some people only take cyber security seriously when it’s required by law. “It’s actually sad that we need a law. You’d hope that organisations already feel the urgency. But sometimes legislation is the only thing that works to raise awareness.”

SMEs are lagging behind

Yet the biggest gap is still in SMEs, both experts stress. “Most organisations don’t have an IT
Robert Molenaar: 'It is crucial that the conference sector is alert to its chain dependency'
ISO 27001

ISO 27001 is an international standard for information security that sets out a framework for establishing, implementing, managing and continually improving an Information Security Management System (ISMS). The standard describes how organisations can set up their information security in a process-based way to identify, manage and reduce risks. The ISMS is the core of ISO 27001. This system helps organisations secure sensitive information through policies, processes and controls that align with their business goals. An important part of the standard is the performance of a risk analysis. Organisations identify potential threats and take measures to minimise the likelihood and impact of these risks.
Conference locations

The Dutch conference sector has three companies that are ISO 27001 certified. The Koninklijke Jaarbeurs in Utrecht was one of the first conference centres in Europe to be certified ISO 27001. Onemeeting, a booking platform that manages meeting centres, is also certified. Esprit ICT, a provider of hybrid meeting systems, is the third company with ISO 27001 certification.