{"id":854356,"date":"2025-06-09T06:12:17","date_gmt":"2025-06-09T11:12:17","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2025\/06\/09\/dutch-universitys-rapid-response-saved-it-from-ransomware-devastation\/"},"modified":"2025-06-09T06:12:17","modified_gmt":"2025-06-09T11:12:17","slug":"dutch-universitys-rapid-response-saved-it-from-ransomware-devastation","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2025\/06\/09\/dutch-universitys-rapid-response-saved-it-from-ransomware-devastation\/","title":{"rendered":"Dutch university\u2019s rapid response saved it from ransomware devastation"},"content":{"rendered":"<div id=\"content-header\">\n<h2>Eindhoven University of Technology has planned multi-factor authentication and regularly practised cyber crisis drills \u2013 yet it still fell victim to attackers who exploited gaps in its defences<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\tKim Loohuis<\/li>\n<\/ul>\n<p>\n\tPublished: <span>04 Jun 2025<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{33}\" paraid=\"1267710474\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">Earlier this year, <\/span><\/span><a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/www.tue.nl\/en\/\"><span xml:lang=\"EN-US\" data-contrast=\"none\"><span data-ccp-charstyle=\"Hyperlink\">Eindhoven University of Technology<\/span><\/span><\/a><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"> (TU\/e), one of the Netherlands\u2019 leading technical universities, <\/span><span data-ccp-parastyle=\"No Spacing\">demonstrated<\/span><span data-ccp-parastyle=\"No Spacing\"> the uncomfortable truth that e<\/span><\/span><span data-ccp-parastyle=\"No Spacing\">ven\u00a0<\/span><span data-ccp-parastyle=\"No Spacing\">organisations<\/span><span data-ccp-parastyle=\"No Spacing\"> that tick all the cyber security boxes can fall victim to sophisticated attacks, when<\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">\u00a0attackers gained enterprise-level access to its network and began preparing what forensic investigators later concluded would have been a devastating ransomware attack.<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{44}\" paraid=\"973708312\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">The university\u2019s response was dramatic: i<\/span><span data-ccp-parastyle=\"No Spacing\">t disconnected all 14,000 students and 4,700 staff from the internet for an entire week. That<\/span><span data-ccp-parastyle=\"No Spacing\">\u00a0decision, taken within hours of detecting the breach, prevented what could have been months of crippled operations and millions in ransom demands.<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{58}\" paraid=\"2142534597\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">The incident began on 6 January, when attackers used legitimate credentials found on the dark web to access TU\/e\u2019s virtual private network (VPN) system. Five days later, they launched an assault, and within hours, they gained the highest administrative privileges on the domain controllers \u2013 effectively having complete control over the network \u2013 and started installing persistence tools typical of ransomware preparation. This triggered the security monitoring. <\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{96}\" paraid=\"2040401720\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">The paradox facing <\/span><\/span><a rel=\"noreferrer noopener\" target=\"_blank\"><span xml:lang=\"EN-US\" data-contrast=\"none\"><span data-ccp-charstyle=\"Hyperlink\">Martin de Vries<\/span><\/span><\/a><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">, TU\/e\u2019s chief information security officer (CISO), illustrates <\/span><span data-ccp-parastyle=\"No Spacing\">an<\/span><span data-ccp-parastyle=\"No Spacing\"> uncomfortable truth about modern cyber security: perfect prevention <\/span><span data-ccp-parastyle=\"No Spacing\">remains<\/span><span data-ccp-parastyle=\"No Spacing\"> elusive, even for well-prepared <\/span><span data-ccp-parastyle=\"No Spacing\">organisations<\/span><span data-ccp-parastyle=\"No Spacing\">. <\/span><span data-ccp-parastyle=\"No Spacing\">However, <\/span><span data-ccp-parastyle=\"No Spacing\">when the crisis call came that Saturday evening, his team\u2019s rapid response would prove the difference between a week of disruption and potential devastation.<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<div>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{119}\" paraid=\"1909701143\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">The situation De Vries <\/span><span data-ccp-parastyle=\"No Spacing\">encountered<\/span><span data-ccp-parastyle=\"No Spacing\"> was a cyber security nightmare: attackers with enterprise privileges fighting his team for <\/span><span data-ccp-parastyle=\"No Spacing\">network control<\/span><span data-ccp-parastyle=\"No Spacing\">.<\/span><\/span><\/p>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{119}\" paraid=\"1909701143\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">\u201cIt was a <\/span><span data-ccp-parastyle=\"No Spacing\">cat-and-mouse game,\u201d he recalls. \u201cEvery time we disabled an account or tried to segment <\/span><span data-ccp-parastyle=\"No Spacing\">servers,<\/span><span data-ccp-parastyle=\"No Spacing\"> we saw them on another server. Because they had those privileges, they were also taking away our access rights while<\/span><span data-ccp-parastyle=\"No Spacing\"> we were taking theirs.\u201d<\/span><\/span><\/p>\n<\/div>\n<div>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{141}\" paraid=\"633046098\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">With conventional containment measures failing, the decision was <\/span><span data-ccp-parastyle=\"No Spacing\">made to sever the university\u2019s connection entirely, taking TU\/e\u2019s 14,000 students and 4,700 staff offline<\/span><span data-ccp-parastyle=\"No Spacing\">\u00a0for what turned out to be <\/span><span data-ccp-parastyle=\"No Spacing\">a week. However, <\/span><\/span><a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/assets.w3.tue.nl\/w\/fileadmin\/content\/pers\/2025\/05%20Mei\/REP_Armstrong_221856_TechnicalReport_TLP-CLEAR_v2.0_DECLASSIFIED.pdf?_gl=1*o0vndn*_gcl_au*OTA1MzI3MDY0LjE3NDI4MjExNTM.*_ga*MzU4MzM1MTg1LjE3MTkxMzUwODE.*_ga_JN37M497TT*czE3NDczODYwOTgkbzU4OSRnMSR0MTc0NzM4ODY0NiRqNjAkbDAkaDA.\"><span xml:lang=\"EN-US\" data-contrast=\"none\"><span data-ccp-charstyle=\"Hyperlink\">forensic analysis<\/span><\/span><\/a><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"> by Fox-IT later confirmed this decision<\/span><span data-ccp-parastyle=\"No Spacing\"> <\/span><span data-ccp-parastyle=\"No Spacing\">prevented a devastating ransomware attack.<\/span><\/span><\/p>\n<h2 paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{141}\" paraid=\"633046098\">Implementation gaps<\/h2>\n<\/div>\n<p paraeid=\"{58e851f9-28b0-432e-8ee9-271c1ff1d113}{160}\" paraid=\"531178889\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">TU\/e\u2019s experience exposes the gap between security awareness and flawless execution that haunts even the most diligent <\/span><span data-ccp-parastyle=\"No Spacing\">organisations<\/span><span data-ccp-parastyle=\"No Spacing\">. <\/span><span data-ccp-parastyle=\"No Spacing\">At the end of 2024, the university <\/span><span data-ccp-parastyle=\"No Spacing\">identified<\/span><span data-ccp-parastyle=\"No Spacing\"> compromised credentials belonging to several user accounts, flagging them as \u201crisky users\u201d through its<\/span><span data-ccp-parastyle=\"No Spacing\"> monitoring tools. <\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u201c<\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">We knew these accounts were leaked,\u201d admits De Vries. \u201cWe <\/span><span data-ccp-parastyle=\"No Spacing\">identified them at the end of last year and sent users instructions on changing<\/span><span data-ccp-parastyle=\"No Spacing\"> their passwords. But <\/span><span data-ccp-parastyle=\"No Spacing\">a configuration error<\/span><span data-ccp-parastyle=\"No Spacing\"> allowed them to re-enter the same password.\u201d<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{204}\" paraid=\"1637520276\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">This single oversight undermined what should have been a successful remediation process.\u00a0<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<div>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{218}\" paraid=\"405650838\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">Similarly, multi-factor authentication for the university\u2019s VPN was already planned and budgeted for. \u201cIt was on <\/span><span data-ccp-parastyle=\"No Spacing\">the schedule<\/span><span data-ccp-parastyle=\"No Spacing\"> to be implemented by summer,\u201d he says. \u201cIt would have been deployed around this time.\u201d<\/span><\/span><\/p>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{218}\" paraid=\"405650838\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">Instead, attackers exploited its absence to gain initial access using the dark web credentials.<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<\/div>\n<p paraeid=\"{b0de5050-21b0-4ee2-9629-7384df63cf55}{232}\" paraid=\"1963473542\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">The response <\/span><span data-ccp-parastyle=\"No Spacing\">showcased<\/span><span data-ccp-parastyle=\"No Spacing\"> the Netherlands\u2019 collaborative approach to higher education cyber security. TU\/e benefits from <\/span><span data-ccp-parastyle=\"No Spacing\">SurfSoc<\/span><span data-ccp-parastyle=\"No Spacing\">, a security monitoring service delivered by Fox-IT and managed by <\/span><\/span><a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/www.surf.nl\/en\"><span xml:lang=\"EN-US\" data-contrast=\"none\"><span data-ccp-charstyle=\"Hyperlink\">Surf<\/span><\/span><\/a><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">,<\/span><span data-ccp-parastyle=\"No Spacing\"> the <\/span><span data-ccp-parastyle=\"No Spacing\">collaborative<\/span><span data-ccp-parastyle=\"No Spacing\"> <\/span><span data-ccp-parastyle=\"No Spacing\">organisation<\/span><span data-ccp-parastyle=\"No Spacing\"> providing IT services to Dutch universities and research institutions.<\/span><span data-ccp-parastyle=\"No Spacing\"> <\/span><span data-ccp-parastyle=\"No Spacing\">Surf detected the malicious activity at <\/span><span data-ccp-parastyle=\"No Spacing\">9:55 pm<\/span><span data-ccp-parastyle=\"No Spacing\"> and alerted TU\/e by <\/span><span data-ccp-parastyle=\"No Spacing\">10:48 pm<\/span><span data-ccp-parastyle=\"No Spacing\">, even as the university\u2019s <\/span><span data-ccp-parastyle=\"No Spacing\">security team responded<\/span><span data-ccp-parastyle=\"No Spacing\"> to internal alerts. This redundant detection system accelerated the response timeline.<\/span><\/span><\/p>\n<div>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{26}\" paraid=\"749270513\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">\u201cWe were already aware of potential malicious activity when <\/span><span data-ccp-parastyle=\"No Spacing\">Fox-IT, operating <\/span><span data-ccp-parastyle=\"No Spacing\">Surfsoc<\/span><span data-ccp-parastyle=\"No Spacing\">, <\/span><span data-ccp-parastyle=\"No Spacing\">contacted us,\u201d says De Vries.<\/span><\/span><\/p>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{26}\" paraid=\"749270513\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">When TU\/e called Fox-IT\u2019s emergency response line at <\/span><span data-ccp-parastyle=\"No Spacing\">11:50 pm<\/span><span data-ccp-parastyle=\"No Spacing\">, <\/span><span data-ccp-parastyle=\"No Spacing\">Fox-IT supported TU\/e\u2019s decision to <\/span><span data-ccp-parastyle=\"No Spacing\">disconnect the network <\/span><span data-ccp-parastyle=\"No Spacing\">immediately<\/span><span data-ccp-parastyle=\"No Spacing\">.<\/span><span data-ccp-parastyle=\"No Spacing\"> <\/span><span data-ccp-parastyle=\"No Spacing\">The network went offline at 1:17<\/span><span data-ccp-parastyle=\"No Spacing\"> am<\/span><span data-ccp-parastyle=\"No Spacing\"> on the Sunday, cutting off attackers who had been installing remote administration tools, creating privileged accounts and <\/span><span data-ccp-parastyle=\"No Spacing\">attempting<\/span><span data-ccp-parastyle=\"No Spacing\"> to disable backup systems \u2013 all hallmarks of ransomware preparation.<\/span><\/span><\/p>\n<h2 paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{26}\" paraid=\"749270513\">Disruption versus damage<\/h2>\n<\/div>\n<p paraeid=\"{58e851f9-28b0-432e-8ee9-271c1ff1d113}{212}\" paraid=\"59953091\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">The decision to take 20,000 users offline for a week was not made lightly, but the alternative would have been far worse. Fox-IT\u2019s forensic investigation concluded that \u201c<\/span><span data-ccp-parastyle=\"No Spacing\">the adversary exhibited many characteristics typical of a ransomware attack\u201d,<\/span><span data-ccp-parastyle=\"No Spacing\"> with rapid escalation to domain administrator privileges and <\/span><span data-ccp-parastyle=\"No Spacing\">attempts<\/span><span data-ccp-parastyle=\"No Spacing\"> to disable backup systems following established ransomware playbooks.<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{86}\" paraid=\"1541504847\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">\u201cThe biggest impact for the university was on students and staff,\u201d says De Vries. \u201cWe had to postpone exams<\/span><span data-ccp-parastyle=\"No Spacing\">; academics<\/span><span data-ccp-parastyle=\"No Spacing\"> had to mark papers over extended periods. That impact can\u2019t be expressed in euros\u201d.<\/span><span data-ccp-parastyle=\"No Spacing\">\u00a0<\/span><span data-ccp-parastyle=\"No Spacing\">Yet the financial calculation was stark. The direct costs of the response remained manageable \u2013 \u201cnot comparable to what we spend annually on security\u201d, according to De Vries. Had ransomware been successfully deployed, however, \u201cit probably would have been in the millions\u201d.<\/span><\/span><\/p>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{104}\" paraid=\"153211416\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">The human cost, while significant, was temporary. Exam schedules were rearranged, research activities paused, and normal operations disrupted<\/span><span data-ccp-parastyle=\"No Spacing\">, but the university\u2019s core functions remained intact. A successful ransomware attack could have crippled operations for months while<\/span><span data-ccp-parastyle=\"No Spacing\">\u00a0demanding substantial ransom payments with no guarantee of data recovery.<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{128}\" paraid=\"560029330\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">TU\/e\u2019s ability to respond decisively stemmed from regular crisis preparation. <\/span><span data-ccp-parastyle=\"No Spacing\">The university <\/span><span data-ccp-parastyle=\"No Spacing\">participates<\/span><span data-ccp-parastyle=\"No Spacing\"> in Surf\u2019s sector-wide Ozon cyber crisis exercise every two years alongside annual internal drills, ensuring crisis teams know their roles before disaster strikes. \u201cEveryone in the crisis <\/span><span data-ccp-parastyle=\"No Spacing\">organisation<\/span><span data-ccp-parastyle=\"No Spacing\"> knew their role,\u201d says De Vries. \u201cYou don\u2019t want to be looking at each other asking, \u2018How did this work again?\u2019 when the real crisis hits.\u201d<\/span><\/span><\/p>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{136}\" paraid=\"28204613\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">The crisis management structure activated smoothly, with clear communication protocols and defined responsibilities. This <\/span><span data-ccp-parastyle=\"No Spacing\">organisational<\/span><span data-ccp-parastyle=\"No Spacing\"> readiness enabled the rapid decision-making that <\/span><span data-ccp-parastyle=\"No Spacing\">contained<\/span><span data-ccp-parastyle=\"No Spacing\"> the attack.<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{146}\" paraid=\"239348460\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">This preparation extended beyond TU\/e\u2019s walls. The university\u2019s decision to <\/span><\/span><a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/assets.w3.tue.nl\/w\/fileadmin\/content\/pers\/2025\/05%20Mei\/REP_Armstrong_221856_ManagementReport_v1.0_FINAL-1.pdf?_gl=1*fpzbcb*_gcl_au*OTA1MzI3MDY0LjE3NDI4MjExNTM.*_ga*MzU4MzM1MTg1LjE3MTkxMzUwODE.*_ga_JN37M497TT*czE3NDczODYwOTgkbzU4OSRnMSR0MTc0NzM4ODY0NiRqNjAkbDAkaDA.\"><span xml:lang=\"EN-US\" data-contrast=\"none\"><span data-ccp-charstyle=\"Hyperlink\">publish<\/span><\/span><\/a><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"> detailed forensic reports reflects the Dutch higher education sector\u2019s collaborative approach to cyber security<\/span><span data-ccp-parastyle=\"No Spacing\">, <\/span><span data-ccp-parastyle=\"No Spacing\">starkly contrasting<\/span><span data-ccp-parastyle=\"No Spacing\"> corporate secrecy around breaches.<\/span><span data-ccp-parastyle=\"No Spacing\"> <\/span><span data-ccp-parastyle=\"No Spacing\">The precedent was set by <\/span><\/span><a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/www.computerweekly.com\/news\/252477997\/Maastricht-University-pays-200000-to-Russian-hackers\"><span xml:lang=\"EN-US\" data-contrast=\"none\"><span data-ccp-charstyle=\"Hyperlink\">Maastricht University<\/span><\/span><\/a><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">, which suffered a major ransomware attack in 2019 and shared its experiences openly to help other institutions.<\/span><span data-ccp-parastyle=\"No Spacing\"> \u201c<\/span><span data-ccp-parastyle=\"No Spacing\">We are universit<\/span><span data-ccp-parastyle=\"No Spacing\">ies \u2013 <\/span><span data-ccp-parastyle=\"No Spacing\">we\u2019re about gaining and sharing knowledge,\u201d says De Vries. \u201cThere\u2019s a culture in the education sector of sharing these experiences so others can learn from them.\u201d<\/span><\/span><\/p>\n<div>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{184}\" paraid=\"588406981\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">The collaboration is systematic: university CISOs meet monthly through Surf to share intelligence and best practices. \u201cThere\u2019s no university that doesn\u2019t have this on their radar,\u201d he notes.<\/span><\/span><\/p>\n<h2 paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{184}\" paraid=\"588406981\">Persistent risks\u00a0<\/h2>\n<\/div>\n<div>\n<p paraeid=\"{58e851f9-28b0-432e-8ee9-271c1ff1d113}{228}\" paraid=\"346214293\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">Complex research environments create persistent vulnerabilities. TU\/e supports research groups using Windows 7 equipment, <\/span><span data-ccp-parastyle=\"No Spacing\">necessitating<\/span><span data-ccp-parastyle=\"No Spacing\"> older authentication protocols that attackers can exploit.<\/span><\/span><\/p>\n<p paraeid=\"{58e851f9-28b0-432e-8ee9-271c1ff1d113}{228}\" paraid=\"346214293\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">\u201cWe have an IT landscape that must support both old and new systems because research groups have equipment that still works perfectly for their research but uses older operating systems,\u201d says De Vries.<\/span><\/span><\/p>\n<p paraeid=\"{58e851f9-28b0-432e-8ee9-271c1ff1d113}{228}\" paraid=\"346214293\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">Since resuming operations, TU\/e <\/span><span data-ccp-parastyle=\"No Spacing\">has conducted individual security assessments before reconnecting research systems to the internet<\/span><span data-ccp-parastyle=\"No Spacing\">.<\/span><\/span><span data-ccp-props=\"{\"201341983\":0,\"335559739\":0,\"335559740\":240}\">\u00a0<\/span><\/p>\n<\/div>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{222}\" paraid=\"484737780\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">Despite the successful response, he <\/span><span data-ccp-parastyle=\"No Spacing\">remains<\/span><span data-ccp-parastyle=\"No Spacing\"> realistic about future threats. \u201cIt\u2019s not a question of if, but when,\u201d says De Vries. \u201cYou have to prepare as an <\/span><span data-ccp-parastyle=\"No Spacing\">organisation<\/span><span data-ccp-parastyle=\"No Spacing\"> for it to happen, no matter how good your security is.\u201d<\/span><\/span><\/p>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{232}\" paraid=\"753097994\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">His advice to fellow security leaders is practical: regularly drill crisis response teams and ensure detection systems work around the clock. <\/span><span data-ccp-parastyle=\"No Spacing\">\u201c<\/span><span data-ccp-parastyle=\"No Spacing\">You need good detection so <\/span><span data-ccp-parastyle=\"No Spacing\">you\u2019re properly informed when things go wrong, and a crisis <\/span><span data-ccp-parastyle=\"No Spacing\">organisation<\/span><span data-ccp-parastyle=\"No Spacing\"> that can act immediately,<\/span><span data-ccp-parastyle=\"No Spacing\">\u201d<\/span><span data-ccp-parastyle=\"No Spacing\"> says De Vries.<\/span><\/span><\/p>\n<p paraeid=\"{3e765019-52a4-4a04-a6d3-0627eb349b23}{254}\" paraid=\"1020225861\"><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\"><\/span><\/span><span xml:lang=\"EN-US\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">TU\/e\u2019s experience proves that even well-prepared <\/span><span data-ccp-parastyle=\"No Spacing\">organisations<\/span><span data-ccp-parastyle=\"No Spacing\"> <\/span><span data-ccp-parastyle=\"No Spacing\">remain<\/span><span data-ccp-parastyle=\"No Spacing\"> vulnerable. But rapid detection, decisive leadership and accepting short-term disruption can prevent far greater long-term damage. <\/span><\/span><span xml:lang=\"NL-NL\" data-contrast=\"auto\"><span data-ccp-parastyle=\"No Spacing\">When<\/span><span data-ccp-parastyle=\"No Spacing\"> perfect security <\/span><span data-ccp-parastyle=\"No Spacing\">remains<\/span><span data-ccp-parastyle=\"No Spacing\"> <\/span><span data-ccp-parastyle=\"No Spacing\">impossible<\/span><span data-ccp-parastyle=\"No Spacing\">, response <\/span><span data-ccp-parastyle=\"No Spacing\">quality<\/span><span data-ccp-parastyle=\"No Spacing\"> <\/span><span data-ccp-parastyle=\"No Spacing\">determines<\/span><span data-ccp-parastyle=\"No Spacing\"> impact.<\/span><\/span><\/p>\n<\/section>\n<section id=\"DigDeeperSplash\">\n<h4>\n\t\t\t<i data-icon=\"m\"><\/i>Read more on Endpoint security<\/h4>\n<ul>\n<li><a id=\"DigDeeperItem-1\" href=\"https:\/\/www.computerweekly.com\/news\/366623542\/Europe-leads-shift-from-cyber-security-headcount-gap-to-skills-based-hiring\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/www.computerweekly.com\/visuals\/ComputerWeekly\/HeroImages\/staff-recruitment-hiring-Worawut-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/www.computerweekly.com\/visuals\/ComputerWeekly\/HeroImages\/staff-recruitment-hiring-Worawut-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/www.computerweekly.com\/visuals\/ComputerWeekly\/HeroImages\/staff-recruitment-hiring-Worawut-adobe.jpg 1280w\" alt ><\/p>\n<h5>Europe leads shift from cyber security \u2018headcount gap\u2019 to skills-based hiring<\/h5>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-2\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/366602395\/CISA-Election-infrastructure-has-never-been-more-secure\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/legal_g929185540_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/legal_g929185540_searchsitetablet_520X173.jpg 960w,https:\/\/www.computerweekly.com\/rms\/onlineimages\/legal_g929185540.jpg 1280w\" alt ><\/p>\n<h5>CISA: Election infrastructure has never been more secure<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/www.computerweekly.com\/rms\/onlineImages\/culafi_alexander.jpg\" alt=\"AlexanderCulafi\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alexander\u00a0Culafi<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-3\" href=\"https:\/\/www.computerweekly.com\/microscope\/feature\/Five-Minute-Interview-Cristina-Bentue-IriusRisk\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/www.computerweekly.com\/visuals\/ComputerWeekly\/Hero Images\/microphone-interview-podcast-BrianJackson-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/www.computerweekly.com\/visuals\/ComputerWeekly\/Hero%20Images\/microphone-interview-podcast-BrianJackson-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/www.computerweekly.com\/visuals\/ComputerWeekly\/Hero%20Images\/microphone-interview-podcast-BrianJackson-adobe.jpg 1280w\" alt ><\/p>\n<h5>Five-minute interview: Cristina Bentue, IriusRisk<\/h5>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-4\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/366565895\/China-claims-it-cracked-Apples-AirDrop-can-track-senders\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/storage_g1223952490_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/storage_g1223952490_searchsitetablet_520X173.jpg 960w,https:\/\/www.computerweekly.com\/rms\/onlineimages\/storage_g1223952490.jpg 1280w\" alt ><\/p>\n<h5>China claims it cracked Apple&#8217;s AirDrop, can track senders<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/www.computerweekly.com\/rms\/onlineImages\/culafi_alexander.jpg\" alt=\"AlexanderCulafi\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alexander\u00a0Culafi<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<\/ul>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/feature\/Dutch-universitys-rapid-response-saved-it-from-ransomware-devastation\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Joan Ramage<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Eindhoven University of Technology has planned multi-factor authentication and regularly practised cyber crisis drills \u2013 yet it still fell victim to attackers who exploited gaps in its defences By Kim Loohuis Published: 04 Jun 2025 Earlier this year, Eindhoven University of Technology (TU\/e), one of the Netherlands\u2019 leading technical universities, demonstrated the uncomfortable truth that<\/p>\n","protected":false},"author":1,"featured_media":854357,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22995,46,42641],"tags":[],"class_list":{"0":"post-854356","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-dutch","8":"category-technology","9":"category-universitys"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/854356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=854356"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/854356\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/854357"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=854356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=854356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=854356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}