Case

de Vereende

De Vereende is an insurance company that provides solutions for risks that are difficult to place elsewhere, fulfilling a safety-net function. Where conventional insurers find the risk too high, De Vereende steps in. Thanks to their specialized knowledge and customer-centric approach, De Vereende plays a crucial role in ensuring coverage for a wide range of complex risks in the market. 

“We already knew where our strengths and weaknesses lay, but the collaboration with Securify has elevated this to a higher level.”
Patricia Koppers
CISO, De Vereende

Challenges

De Vereende relies heavily on the integrity and reliability of its IT systems. The nature of their work involves handling sensitive customer data and complex financial transactions, making them an attractive target for cyberattacks. With the introduction of the Digital Operational Resilience Act (DORA), financial institutions are required to meet stringent standards for risk management, incident reporting, and testing of operational resilience. Although De Vereende is not subject to the strictest requirements due to its size, they still follow the guidelines to achieve high resilience. To address these challenges, De Vereende collaborates with Securify, experts in preventive cybersecurity.

Cybersecurity and DORA

Under DORA, financial institutions are required to conduct regular security assessments. De Vereende works with Securify to meet these requirements. Their testing program includes various types of tests and activities, such as penetration testing and Purple Teaming sessions. 

Patricia Koppers, Chief Information Security Officer (CISO) at De Vereende, emphasizes the importance of this collaboration: “I believe it is appropriate that penetration tests are included in DORA; it is one of the most important measures. We already knew where our strengths and weaknesses lay, but the collaboration with Securify has elevated our security to a higher level.” 

Goals

  • Increase the organization’s resilience. 
  • Comply with DORA requirements. 
  • Raise internal awareness of the importance of security. 
  • Reduce risks by addressing findings and implementing the right measures. 
  • Gain clear insights into the specific cyber risks the organization faces. 
"A good security testing policy is a prerequisite. As an organization, you must set your own goals and work with testers to determine what you want to achieve."
Veruschka Kavelaars
ISO, De Vereende

Security Testing Strategy and Implementation

Veruschka Kavelaars, Information Security Officer at De Vereende, underscores: A good testing policy is a prerequisite. As an organization, you must set your own goals and work with testers to determine what you want to achieve. Then you walk that path together and ultimately achieve the result. 

For one of the tests, De Vereende followed a realistic scenario similar to how a hacker would act. A phishing test was set up to collect login credentials and use them to break into the environment. “We gave Securify a laptop with minimal rights to see how far they could go,” Kavelaars explains. “Fortunately, our organization responded well. We had not informed the party responsible for our SOC/SIEM monitoring, but they alerted us immediately when they noticed the activity.” 

Solutions

  1. Penetration Testing: Securify regularly conducts penetration tests to assess the resilience of De Vereende’s systems and identify vulnerabilities.
  2. Purple Teaming Exercises: Through realistic attack simulations, Securify helps De Vereende further strengthen their operational resilience.
  3. Retainer: Advisory and on-demand support, with Securify providing the right expertise and assistance at the right time.

Results

  • Increased resilience of De Vereende against cybercrime, based on the organization and IT environment. 
  • Higher security awareness within the organization. 
  • Compliance with DORA guidelines regarding penetration testing. 
Conclusion​

The collaboration with Securify has significantly enhanced De Vereende’s digital resilience. There are various security tests at different levels depending on the organization’s goals and maturity. By regularly conducting penetration tests and Purple Teaming sessions, De Vereende will comply with DORA requirements and protect its critical IT systems against cyber threats. 

Patricia Koppers concludes: “We are in the lead; we must define the purpose of the tests. Securify provides advice to ensure the coherence of the tests and to help us achieve our ultimate goal. It is a learning process for the entire organization. Securify’s reports include clear findings and practical advice. By raising awareness, we have also made our organization more resilient. Employees now think more from a security perspective.” 

The collaboration with Securify remains crucial for De Vereende to maintain and continuously improve digital resilience. 

Other cases

Cases

11 September 2024

Case: de Vereende

Under DORA, financial institutions are required to conduct regular security assessments. De Vereende works with Securify...

MEER INFORMATIE