The lessons of 25 years of cybersecurity
To further strengthen the digital resilience of organizations and learn from the past, we highlight the period 2000-2025 from a cybersecurity perspective.
Digital transformation
Almost every sector has experienced digitization in recent years. Organizations that still operate without digital resources have become a rarity. This digital transformation has made organizations more efficient and flexible, but it also brings new challenges.
The dependence on IT systems has increased in recent years, and with it the need to properly secure these systems.
Cyber threats are increasing and evolving rapidly. More and more advanced techniques are being used; from phishing attacks based on voice phishing to sophisticated ransomware.
Cybercrime is therefore a serious threat to business continuity and reputation. A solid security strategy is therefore no longer a luxury, but an absolute necessity for any organization that wants to operate safely and future-proof.
Organizations learn from past mistakes and can draw on a wide variety of best practices.
The past predicts the future
What lessons can we learn from past incidents?
Risk-based work
By choosing an approach that is based on risk-based work, you identify the essence: which components of your organization should you protect to ensure business continuity?
This risk-based approach is a necessity now that many organizations are (still partly) in ignorance and looking for cybersecurity guidance.
Remember that you can't protect everything and certainly not everything at the same time. Identify what you really need to protect and invest in it, learning from the lessons of the past.
Strengthen your digital resilience
Managed Detection and Response
In recent years, technology has greatly improved the efficiency of SoCs. AI and automation help analysts recognize patterns, filter alerts, and assess threats more quickly. For example, we closely monitor IT environments for abnormal behavior.
Intelligence Driven Protection
The information used by the SOC experts can be further enriched with information from threat intelligence. It is important for organizations to know what information about your organization is shared on the clear, deep and dark web.
Comply with laws and regulations
Legislation and regulations provide organizations with tools to raise the level of cybersecurity. Examples include the Cyber Resilience Act, the CER Directive, the Cybersecurity Act (NIS2), and the Digital Operational Resilience ACT (DORA).
The development and growth of cybercrime
Cybercrime continues to evolve. When we look at the developments of the past five years, the following stands out:
Supply chain attacks
Cybercriminals infiltrate software vendors or service providers to compromise customers and partners through them.
AI-driven phishing and deepfake fraud
Cyber attackers are using AI to make phishing messages more credible or generate deepfake videos and audio for identity fraud. This is how CEO fraud is becoming increasingly convincing.
There are currently a limited number of examples of incidents where criminals mimicked the voice of a supervisor or board member to convince employees to transfer money.
Zero-day exploits
Hackers exploit unknown vulnerabilities (zero-days) in commonly used software before a patch is available.
Attacks on APIs
Cybercriminals target vulnerabilities in Application Programming Interfaces, often due to misconfigurations or weak authentication.
the vision paper on 25 years of cybersecurity
In this paper, we provide tools for improving your organization's cybersecurity based on developments and a number of cyber incidents that have occurred over the past 25 years.
Trusted by leading organizations in the Netherlands
Nice to meet you, we are Tesorion
Tesorion is a 100% Dutch, independent cybersecurity service provider. We combat cybercrime and minimize business risks. Tesorion protects your organization 24/7 thanks to our technology and more than 100 experts.
