Navigating the threat landscape

In our previous blog post , Dennis de Hoog explained that it is becoming increasingly difficult for organizations to separate information from disinformation. To draw up a solid security policy, you should not focus on hypes and let fear guide you. Difficult, because that's what the media are full of.

What are the real threats? We talked to Dennis about that!

1. Ransomware

"If we zoom out for a moment, it's actually still about digital burglary," says Dennis. "Malicious parties gain access to data and steal it. You will then have to pay a ransom if you want to get your data back and/or prevent your data from being published on the Dark Web

Such a ransomware attack can take place through all kinds of channels and is still the biggest threat to every organization. Dennis: "Whether you operate in healthcare, in financial services or in the manufacturing industry, you can suffer serious damage from this. When certain data is no longer available to you, processes go awry, you can no longer serve customers or the provision of care stagnates. Organizations therefore regularly feel forced to pay large sums of money. So you want to keep malicious people out of the digital door at all costs." Or at least know very quickly when they are trying to penetrate.

2. Internal risks

There are plenty of threats from outside. But there are also internal dangers  surrounding the (unintentional) leaking or manipulation of data, says Dennis: "It is crucial that employees understand that they are working with sensitive data and how they can best deal with this sensitive data. Employees are sometimes referred to as an 'insider risk'. I think that sounds very negative, because they are precisely the strength of your organization. I would therefore say: use that force. Create awareness around digital security within your organization. Draw up house rules and explain to people how they can be alert to threats. In this way, you minimize the internal risks together."

3. Disruption of society

Some malicious parties target not just one organization, but society as a whole. "Disruption of social life is sometimes unfortunately an end in itself," says Dennis. "If, for example, our energy trail or money traffic comes under the control of malicious parties, it leads to chaos in society. This is, especially in this day and age, a real danger that certain authorities must guard against. It is important to be alert to this."

4. Espionage

With this term, you might imagine exciting figures with long coats and hats. Although those days are behind us, the phenomenon of 'espionage' is still a danger. It is now only often done digitally. "Malicious actors who operate at the state level often want to watch intelligence services or attack universities to gather knowledge," says Dennis. "They try to obtain information for political or economic gain. These kinds of threats are still very topical in 2025."

Same battle, different arena

In fact, we are dealing with many of the same threats today as we did 20 years ago. They are just coming at us in a different form now. "Cybercriminals have not developed a new model," Dennis concludes. "We are still dealing with criminals. But where they used to meet in the local pub on the corner, so to speak, they have now grouped themselves into digital organizations. Two decades ago, your primary concern was securing your physical office. Although that is still important now, you also have to take all kinds of digital security measures . So security has become much more intensive and complex."