Cronos Security (https://cronossecurity.eu/): Collective Intelligence, True Resilience.

Introducing Fortified: a smarter, stronger approach to cybersecurity

https://cronossecurity.eu/introducing-fortified-a-smarter-stronger-approach-to-cybersecurity/ (Mon, 30 Jun 2025 13:36:03 +0000)

We’re proud to introduce Fortified: a new initiative by Cronos Security, built from within the Cronos Group to strengthen and simplify the way organizations approach security.

Fortified is a new cybersecurity initiative, uniting leading experts, trusted technology partners, and hands-on services to help organizations build digital resilience. As the center of expertise for Fortinet within the Cronos Group, Fortified goes beyond the role of integrator or advisor. We act as a strategic partner in securing your entire digital environment.

Collaboration at its core

Collaboration is in our DNA. As an ecosystem, we bring together a strong network of cybersecurity experts, trusted technology partners, and solution integrators across the Cronos Group. This allows us to connect the right capabilities to each client challenge – always with security as the starting point.

Acting as the Fortinet knowledge hub within Cronos Security, Fortified helps organizations design the right security architecture, align strategy with technology, and move from reactive to resilient. Whether it’s selecting the right tools, mapping out dependencies, or coordinating implementation through our partners, Fortified ensures a connected, effective, and business-aligned approach.

Fortinet-powered, strategically driven

At the heart of our offering is Fortinet: a global cybersecurity leader known for its integrated Security Fabric. As a trusted Fortinet partner, Fortified combines deep technical expertise with strategic implementation. We design and deploy Fortinet solutions that:

  • Analyze every corner of your network
  • Detect emerging threats with clarity
  • Respond swiftly and effectively

Ready to Fortify your business?

Whether you’re active in the public sector, healthcare, financial services, or innovation-driven industries, Fortified adapts to your unique context and challenges. From cloud-native environments to complex OT networks, we’re here to guide you, strategically and securely.

Get in touch to explore how Fortified can help you strengthen your security posture, accelerate your digital transformation, and stay ahead of cyber risk.

Managing Shadow IT: Protecting your company without slowing down work

https://cronossecurity.eu/managing-shadow-it-protecting-your-company/ (Thu, 05 Jun 2025 14:11:24 +0000)

What if your biggest security risk isn’t a hacker, but your own team just trying to get work done?

Shadow IT is a common challenge many organizations face: employees using tools and systems not approved by IT. Think of someone using Google Drive instead of the company’s official file system. Or a team using Trello for project management while IT prefers Jira. In most cases, employees don’t intend to cause harm. They simply don’t see the risks or understand the importance of using official tools. Still, their actions can create serious security vulnerabilities.

What is Shadow IT?

Let’s start strong and begin with the most obvious question: what actually is Shadow IT? Shadow IT refers to the use of software, devices, or services within a company that haven’t been officially approved by the IT department.

Think about:

  • Cloud storage tools like Dropbox or Google Drive
  • Project management software like Asana, Trello, or Notion
  • Messaging apps like WhatsApp or Slack (outside company control)
  • AI tools such as ChatGPT, Notion AI, or browser extensions

In short, if an employee uses an unapproved tool to do their job, it’s considered Shadow IT.

The four layers of managing shadow IT

Successfully managing Shadow IT requires addressing it on four key levels: technical detection, policy and governance, employee behavior, and acceptable use.

Layer 1 – Visibility & Detection
You can’t protect what you can’t see. The first step in tackling Shadow IT is gaining visibility into what’s running on your corporate devices. Use monitoring tools or a lightweight agent that tracks installed software and flags anything unapproved. In addition, monitor network activity to spot traffic to unrecognized or unauthorized services. Maintaining a current inventory and performing regular audits help to detect any signs of unauthorized apps or services.

Layer 2 – IT Policy, Governance & Documentation
Strong policies are key to managing Shadow IT effectively. Ensure your Acceptable Use Policy (AUP) explicitly lists approved tools and clearly prohibits unvetted software. Then, set up a simple process for reviewing and approving new tools, and make sure employees know how they can suggest tools for approval. These policies should be practical and fit the way your teams actually work, offering some flexibility while keeping control.

It’s also important to communicate clear and consistent consequences for non-compliance, such as blocking unauthorized apps or initiating follow-up actions, to maintain organizational accountability.

Layer 3 – Employees: Culture, Training & Support
Shadow IT often pops up when people feel they don’t have the right tools or enough support to do their job properly. That’s why it’s essential to regularly offer training that’s not only focused on rules, but also on the rationale behind them. Make sure there are safe and approved alternatives to the tools employees tend to use on their own. Try to build a culture where people feel comfortable being honest about the tools they’re using instead of hiding them. 

And don’t forget to include basic security and software rules as part of your onboarding process, so new team members start off on the right foot.

Layer 4 – Acceptable Use Policy (AUP): Clear and simple guidelines
An AUP shouldn’t just be a formal document that people sign and forget. It needs to clearly explain which tools are okay to use and what kind of behavior is expected. Use plain, accessible language so all employees can understand it, not just legal or IT. Include a list of approved apps and explain why using tools outside of that list can be risky.

The goal is to make compliance straightforward, so your team can do the right thing without being hindered in their workflows.

Why Shadow IT happens (and what it tells you)

Most of the time, employees don’t turn to outside tools to be difficult; they do it because they’re just trying to get their work done. Maybe the tools they’re supposed to use are too slow, unintuitive, or poorly suited for the task. Or maybe getting new tools approved through IT takes too long. So, people go looking for faster or easier options on their own.

When this happens, it’s more than just a security risk. It’s a sign. It tells you something’s not working the way it should. Maybe your tech tools aren’t keeping up with the way people work today. Maybe the user experience is frustrating. Or maybe there’s a trust issue, and employees might not believe IT can solve their problems fast enough.

Instead of seeing Shadow IT as just a problem to shut down, treat it as a clue. It’s a chance to listen, improve your systems, and make sure your teams have what they really need to do their best work.

Why Shadow IT is a real security problem

While the motivations behind Shadow IT – such as speed or convenience – are often understandable, the associated risks simply cannot be ignored:

  • Data loss: Sensitive data could end up on personal devices or unsecured cloud platforms, putting it outside your company’s control and protection.
  • Compliance issues: Using unapproved tools might breach regulations like GDPR or NIS2.
  • More attack vectors for attackers: Apps that haven’t been vetted by IT might lack key security features, leaving gaps that hackers can exploit.
  • No visibility: In the case of an incident, the IT team may be unaware of the tools involved, delaying their response and limiting their ability to contain and resolve the issue.

The goal isn’t to block everything. It’s about helping people work efficiently without unnecessarily putting your business at risk.

Managing Shadow IT without killing innovation

Outright banning everything isn’t realistic. The goal is to strike a balance between security and flexibility.

  • Discover and find out what’s in use: Tools like endpoint monitoring can help you spot unauthorized apps.
  • Understand and ask why: Talk to employees about why they’re using these tools. Often, it highlights a need that isn’t being met.
  • Offer better options: Instead of blocking, recommend secure tools that do the same job.
  • Educate, don’t blame: Make security a shared responsibility. Help teams understand the risks without pointing fingers.
  • Create a clear process: Set up a fast and simple way for people to request new tools. If they know they’ll get an answer within, let’s say, 48 hours, they’re less likely to do it behind IT’s back.
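
An added example (not from the original post) of the visibility step in Layer 1 and the "Discover" item above: it reads proxy or DNS log lines, maps each destination to one of the tools the article names, and reports per user which unapproved services were used and which destinations are unrecognized. The approved list, the log format and the sample lines are constructed assumptions.

```python
from collections import defaultdict

# Assumption: services approved in the AUP, keyed by domain (hypothetical list).
APPROVED = {"atlassian.net", "sharepoint.com"}

# Domains of the tools the article names, plus the approved ones.
KNOWN_SERVICES = {
    "dropbox.com": "Dropbox",
    "drive.google.com": "Google Drive",
    "trello.com": "Trello",
    "asana.com": "Asana",
    "notion.so": "Notion",
    "slack.com": "Slack",
    "chatgpt.com": "ChatGPT",
    "atlassian.net": "Jira",
    "sharepoint.com": "Company file system",
}

# Constructed log lines: "<timestamp> <user> <destination host>".
SAMPLE_LOG = """\
2025-06-02T09:01:12Z jdoe www.dropbox.com
2025-06-02T09:03:40Z jdoe mycompany.atlassian.net
2025-06-02T09:16:47Z emustermann trello.com
2025-06-02T09:15:02Z emustermann api.trello.com
2025-06-02T10:22:05Z dcobb chatgpt.com
2025-06-02T10:30:00Z dcobb notdropbox.com
2025-06-02T11:00:00Z jdoe files.example-sync.test
malformed line
""".splitlines()


def match_service(host):
    """Return the known domain that equals host or is a parent domain of it."""
    labels = host.lower().rstrip(".").split(".")
    # Match on whole labels, longest suffix first, so that notdropbox.com
    # is not mistaken for dropbox.com by a naive endswith() test.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in KNOWN_SERVICES:
            return suffix
    return None


def find_shadow_it(log_lines):
    """Return ({(user, service): {hits, first_seen}}, [unrecognized hosts])."""
    findings = defaultdict(lambda: {"hits": 0, "first_seen": None})
    unrecognized = set()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not follow the expected format
        ts, user, host = parts
        domain = match_service(host)
        if domain is None:
            unrecognized.add(host.lower())  # candidate for manual review
            continue
        if domain in APPROVED:
            continue
        entry = findings[(user, KNOWN_SERVICES[domain])]
        entry["hits"] += 1
        # ISO 8601 UTC timestamps sort correctly as plain strings.
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
    return dict(findings), sorted(unrecognized)


if __name__ == "__main__":
    found, unknown = find_shadow_it(SAMPLE_LOG)
    for (user, service), info in sorted(found.items()):
        print(f"{user}: {service} x{info['hits']} since {info['first_seen']}")
    print("unrecognized destinations:", ", ".join(unknown))
```

The per-user output is a starting point for the "Understand and ask why" conversation rather than a block list.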

Shadow IT shows you what needs to change

Shadow IT isn’t just a risk; it’s a signal. It tells you where employees are struggling, where tools fall short, and where trust or communication might be missing. If you listen to what it’s showing you, you can use it as a chance to improve.

By looking at the full picture (technology, policy, team habits, and compliance), you can strengthen your security without disrupting how teams work.

Need support? Our experts are here to help you find the right balance between keeping your business safe and giving your teams the freedom to do their best work. Get in touch!

How to secure legacy Windows XP systems: building an isolation lab

https://cronossecurity.eu/how-to-secure-legacy-windows-xp-systems-building-an-isolation-lab/ (Wed, 14 May 2025 08:31:28 +0000)

Still running an old Windows XP machine? Then this story is a must-read.

On a recent project, we stumbled upon something all too familiar: a few aging Windows XP machines, quietly chugging away in a modern enterprise environment.

Fortunately, these machines weren’t serving internet-facing production workloads. Instead, they were the main development and build systems for critical legacy applications—built in Visual Basic 6, classic ASP 3.0, and COM+ components. A tech stack that screams late 90s, yet still deeply embedded in daily business operations.

These XP boxes were responsible for compiling deployable .exe files, DLLs, and classic ASP web apps—artifacts that were then deployed to more modern Windows Server environments. So while they didn’t look like a high-risk asset, they posed a serious threat under the surface.

The issue? These machines sat in the same network zone as production servers. No segmentation. No isolation. That meant a vulnerable XP box, with no patches since 2014 and full of weak protocols, was just a hop away from everything else.

This blog walks you through how we tackled that risk—by building an isolation lab. Not only did it shield the organization from legacy vulnerabilities, it became a powerful enabler for change: from internal awareness to hands-on testing, collaboration, and modernization planning.

Windows XP Vulnerabilities

As we all know, Windows XP is highly vulnerable for several reasons. To name a few important ones:

  • No updates since 2014
  • Does not support a modern antivirus solution with attack surface reduction
  • No encrypted remote desktop protocol (RDP), making it vulnerable to cleartext password sniffing
  • Only supports the insecure RC4 encryption type in Kerberos authentication
  • Only supports the insecure file and printer sharing protocol SMB version 1 exposing it to attacks like EternalBlue and WannaCry
  • Allows fairly easy privilege escalation, so if a domain admin recently logged on to the XP machine, you can easily become king of the castle

So anyone can sense the urgency (or, even better, the emergency) to get these business applications rewritten as soon as possible on a modern development stack with security by design incorporated.

But then the questions come. How much will it cost? How long will it take? Will we have to retrain our users? Do we really need to start from scratch? Can’t we reuse or refurbish some code? Will a new solution support important custom business logic our company is famous for? What about compliance with external regulations? And so on, and so forth.

So from a time and security perspective, there aren’t really many options other than to isolate these machines.

Isolation?

Yes, isolation. This means: put the machines in a separate network zone, shield them off with a firewall and only allow what is necessary. You will also need to heavily monitor this zone for any suspicious activity. And you do all of that until a new solution is in place.

And PLEASE, make the higher management aware that this should absolutely be a temporary situation. Convince them to provide proper funding and investments to set up projects to reprogram, replatform, refactor, redo whatever is necessary to get rid of these legacy systems as soon as possible. Isolating the machines will give better protection, but will not solve the vulnerabilities. The longer you wait to treat them, the harder and more expensive it becomes.

Read-Only Domain Controller (RODC)

Besides isolating the machines with the firewall, another very important component in the architecture is a Read-Only Domain Controller, or RODC.

It is a special type of domain controller that contains a read-only copy of your Active Directory. It allows you to harden the security on all the machines in your trust zone (including your main domain controllers) and at the same time keep your Windows XP machines functional.

An RODC:

  • Provides crucial AD functionality like Kerberos authentication and group policy
  • Reduces attack surface
  • Does not store passwords by default
  • Is specifically designed for use in less secure network zones (like branch offices)
  • Allows filtering of sensitive AD attributes
  • Only introduces minimal overhead because it gets all Active Directory objects synced from the main domain controllers
  • Removes the risk of affecting the main domain controllers
    • That way a hacker cannot destroy the main writable DCs from an isolated legacy machine.

You can find the full documentation on Microsoft’s RODC here. 

As Windows XP only supports the insecure RC4 encryption for Kerberos authentication and the even more vulnerable SMBv1 protocol for group policy processing, the main rationale is to lower the security only on the RODC that the XP machines will use, while hardening our main domain controllers and other machines by removing the insecure RC4 and SMBv1 on them.

Isolation lab

All of the above looks nice in theory, but how does one really tackle this in practice? In a living organization in constant change?

Well, we started off by trying to convince our stakeholders by building an isolation lab.

It very soon turned out to become one of our most important tools for many reasons:

  • You can demonstrate the actual security measures
  • You can test (even pentest) actions without touching the corporate infrastructure
  • You can immediately ’talk tech’ with the system and network engineers. The lab will trigger important discussions and keep them ongoing.
  • You can do stuff that you are not allowed to do in a corporate environment: disable firewalls, suspend the antivirus detection, install hacking tools like mimikatz, use Wireshark to sniff the network traffic, etc.

Lab overview

On the project we had a big Azure environment at our disposal, so there was still some room left for our small, cheap, but highly efficient lab.

The diagram below shows the setup:

The names in the example are all fictitious, but they can be mapped one-to-one to the lab we created for the project. The lab is hosted on a dedicated Azure subscription ‘sub-my-subscription’ inside of the resource group ‘rg-my-resourcegroup-sbx-weu-001’. To keep it fully isolated, there is no link, peering, VPN, ExpressRoute or any other connection from the lab to the actual network of the company that hosted the project.

Network zones and virtual machines

The lab is composed of an Azure Virtual Network (VNET) with fictional IP range 10.2.0.0/24 and the following subnets:

  • 10.2.0.0/28: FW: snet-my-isolation-fw-dev-weu-001
    • Subnet containing:
      • vm-my-opnsense-sbx-weu-001
        • Virtual machine running OPNSense (an open source firewall/router)
        • We opted for OPNSense as it is low-cost and ideally suited for a lab setup as compared with commercial products of Palo Alto, Cisco, Fortinet and Check Point.
        • The LAN interface of OPNSense has an IP in this subnet
        • The WAN interface of OPNSense has an IP in the DMZ subnet (see below)
      • vm-my-antix-sbx-weu-001
        • Small virtual machine running AntiX Linux
        • Sits next to the OPNSense firewall to access its web interface via Firefox as OPNSense itself has no graphical user interface
        • In our experience, probably the most lightweight and cheapest machine to host in Azure 😊
  • 10.2.0.16/28: RWDC: snet-my-isolation-rwdc-dev-weu-001
    • Subnet containing:
      • vm-my-winsrv2016dc-weu-001
        • The read-write domain controller running Windows Server 2016 Standard with latest updates installed
        • The main domain controller during the project was also running Windows Server 2016, so that is the reason for picking this OS, but you can take a higher OS if you want
        • Host name is MYWINSRV2016DC
        • This machine hosts the fictional domain ‘MYDOMAIN.LOCAL’ with some dummy ‘Hello world’ group policies
  • 10.2.0.32/28: RODC: snet-my-isolation-rodc-dev-weu-001
    • Subnet containing:
      • vm-my-winsrv2022dc-weu-001
        • The read-only domain controller running Windows Server 2022 Standard with latest updates installed
        • The RODC that we introduced during the project also ran a Windows Server 2022
        • Host name is MYWINSRV2022DC
        • Synchronizes the fictional domain ‘MYDOMAIN.LOCAL’ from MYWINSRV2016DC
        • IMPORTANT: you will need to provision this machine in Azure from a managed disk as the image in the Azure store is already hardened and will not allow you to lower the security (= lower encryption types to RC4 and install SMBv1)
  • 10.2.0.48/28: MB01: snet-my-isolation-mb01-dev-weu-001
    • Subnet containing:
      • vm-my-winxp-weu-001
        • A virtual machine running the latest edition of Windows XP (5.1.2600.5512 Service Pack 3 Build 2600) representing a legacy member machine of the domain MYDOMAIN.LOCAL
        • Uses the read-only domain controller MYWINSRV2022DC for all domain related functionalities (authentication, group policy, LDAP, DNS, etc.)
        • Host name is MYWINXP
        • IMPORTANT: you will need to provision this machine in Azure from a managed disk that you create from Windows XP install media that you either need to extract from the Windows XP machines in your network or grab from the internet. In any case, you will need a valid license key from your existing machines to legally install it.
        • Installing XP on Azure is not supported by Microsoft, so … bear in mind that you’re already on thin ice here.
  • 10.2.0.176/26: DMZ: snet-my-isolation-dmz-dev-weu-001
    • Subnet representing the demilitarized zone (DMZ)
      • The WAN network interface card of OPNSense has an IP address in this zone with an associated public IP address allowing internet connectivity
      • By default, internet access is disabled on the firewall, so if you need internet connectivity, you need to enable the respective rules on the firewall
  • 10.2.0.192/26: AzureBastionSubnet
    • Subnet needed by Azure Bastion
      • You will need Azure Bastion to RDP or SSH into all virtual machines in the lab.
      • You will also need to set up a number of accounts in your domain. Typically you would create one or two administrators, a couple of normal users and a local admin for your Windows XP. Names like John Doe, Jane Doe, Erika Mustermann, Dom Cobb, etc. work just fine!

Routing

The subnets do not have any Network Security Groups (NSGs) defined, as they are all forced to pass via the OPNSense firewall by the route table ‘rt-my-isolation-sbx-weu-001’.

The table below shows the user defined routes (UDRs) inside rt-my-isolation-sbx-weu-001 that define OPNSense’s LAN IP address as the Virtual Network Appliance to use when routing from one subnet to another:

| Name | Address prefix | Next hop type | Next hop IP address |
|------|----------------|---------------|---------------------|
| route-my-tosnetrwdc-sbx-weu-001 | 10.2.0.16/28 | Virtual appliance | 10.2.0.4 |
| route-my-tosnetrodc-sbx-weu-001 | 10.2.0.32/28 | Virtual appliance | 10.2.0.4 |
| route-my-tosnetmb01-sbx-weu-001 | 10.2.0.48/28 | Virtual appliance | 10.2.0.4 |
| route-my-lantointernet-sbx-weu-001 | 0.0.0.0/0 | Virtual appliance | 10.2.0.4 |
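
A check of the address plan and route table above, as an added example that is not part of the original post. It validates the subnets against the VNET, verifies that every next hop is a usable address in the firewall subnet, and resolves which next hop a destination gets under longest-prefix matching; the subnet and route values are copied from the article, the function names are hypothetical.

```python
import ipaddress

# Values copied from the article's fictional lab.
VNET = "10.2.0.0/24"
SUBNETS = {
    "FW": "10.2.0.0/28",
    "RWDC": "10.2.0.16/28",
    "RODC": "10.2.0.32/28",
    "MB01": "10.2.0.48/28",
    "DMZ": "10.2.0.176/26",
    "AzureBastionSubnet": "10.2.0.192/26",
}
# User defined routes: name -> (address prefix, next hop IP).
ROUTES = {
    "route-my-tosnetrwdc-sbx-weu-001": ("10.2.0.16/28", "10.2.0.4"),
    "route-my-tosnetrodc-sbx-weu-001": ("10.2.0.32/28", "10.2.0.4"),
    "route-my-tosnetmb01-sbx-weu-001": ("10.2.0.48/28", "10.2.0.4"),
    "route-my-lantointernet-sbx-weu-001": ("0.0.0.0/0", "10.2.0.4"),
}


def check_plan(vnet, subnets, routes, fw_subnet="FW"):
    """Return a list of problems found in the address plan and route table."""
    findings = []
    vnet_net = ipaddress.ip_network(vnet)
    nets = {}
    for name, cidr in subnets.items():
        # strict=False normalises the prefix so a misaligned one can be reported.
        net = ipaddress.ip_network(cidr, strict=False)
        if str(net) != cidr:
            findings.append(f"{name}: {cidr} has host bits set; "
                            f"the enclosing network is {net}")
        if not net.subnet_of(vnet_net):
            findings.append(f"{name}: {net} lies outside VNET {vnet_net}")
        nets[name] = net
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")

    fw = nets[fw_subnet]
    # Azure keeps the first four addresses and the last one of every subnet.
    reserved = {fw[i] for i in range(4)} | {fw[-1]}
    declared = {str(n) for n in nets.values()}
    for name, (prefix, hop) in routes.items():
        hop_ip = ipaddress.ip_address(hop)
        if hop_ip not in fw:
            findings.append(f"{name}: next hop {hop} is not in the {fw_subnet} subnet")
        elif hop_ip in reserved:
            findings.append(f"{name}: next hop {hop} is an Azure-reserved address")
        if prefix != "0.0.0.0/0" and prefix not in declared:
            findings.append(f"{name}: prefix {prefix} matches no declared subnet")
    return findings


def effective_next_hop(dst, vnet, routes):
    """Longest prefix wins; on a tie a user defined route beats a system route."""
    dst_ip = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(vnet), "VnetLocal", False),
             (ipaddress.ip_network("0.0.0.0/0"), "Internet", False)]
    table += [(ipaddress.ip_network(p), hop, True) for p, hop in routes.values()]
    matches = [(net.prefixlen, is_udr, hop)
               for net, hop, is_udr in table if dst_ip in net]
    return max(matches)[2]


if __name__ == "__main__":
    for finding in check_plan(VNET, SUBNETS, ROUTES):
        print("FINDING:", finding)
    for dst in ("10.2.0.36", "8.8.8.8", "10.2.0.200"):
        print(dst, "->", effective_next_hop(dst, VNET, ROUTES))
```

Run over the values as written, the check reports that 10.2.0.176/26 does not sit on a /26 boundary, and the route lookup shows that only destinations in the RWDC, RODC and MB01 subnets (and the internet) resolve to 10.2.0.4, while other in-VNET destinations resolve to the VNET's own system route.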

Configuring the firewall

The OPNsense firewall can be configured exactly according to the RODC documentation of Microsoft that you find here.

One important exception though is the rule regarding dynamic RPC ports in the traffic from the Windows XP machine to the RODC.

The Microsoft documentation only mentions:

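| Protocol | Source | Destination | Port | Traffic type |
|----------|--------|-------------|------|--------------|
| TCP | XP | RODC | 49152-65535 | DNS, DRSUAPI, NetLogonR, SamR LSASS |

But you will additionally need to add the ports below, as Windows XP uses a much lower and narrower port range:

| Protocol | Source | Destination | Port | Traffic type |
|----------|--------|-------------|------|--------------|
| TCP | XP | RODC | 1025-5000 | DNS, DRSUAPI, NetLogonR, SamR LSASS |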

Some lessons learned during lab setup

Lesson #1: I locked myself out!

Bear in mind that to log on to the RODC ‘MYWINSRV2022DC’, this machine needs to authenticate against the RWDC ‘MYWINSRV2016DC’, so if connectivity gets cut between those two machines (by changing OPNSense, or as a consequence of playing around with the config, etc.), you will no longer be able to RDP into this machine via Azure Bastion. There is also no backup local admin account on MYWINSRV2022DC, as a domain controller by design does not have a local user database.

In case you lock yourself out, you will first need to remove the user defined routes on the RWDC and RODC that force all traffic over the OPNSense firewall, in order to restore connectivity between MYWINSRV2016DC and MYWINSRV2022DC. After that you can troubleshoot the issue and then reimpose the user defined routes.

If you changed DNS to 8.8.8.8 temporarily to access the internet and removed the IP address of the RWDC on the RODC, you will also lock yourself out. On the RWDC you can run PowerShell as Administrator and connect to the RODC:

PS C:\Users\John Doe\Documents> Enter-PSSession -ComputerName MYWINSRV2022DC

[MYWINSRV2022DC]: PS C:\Users\John Doe\Documents> Set-DnsClientServerAddress -InterfaceIndex (Get-NetAdapter).ifIndex -ServerAddresses ("10.2.0.20")

Lesson #2: Use legacy tools on legacy machines

It might not come as a surprise, but modern network monitoring tools like Wireshark do not run on Windows XP. There are some old archived versions of Wireshark that can still be run on Windows XP, but it is way easier to use the older Microsoft Network Monitor 3.4 on Windows XP.

Likewise, to better understand the encryption types of Kerberos tickets issued on Windows XP, use the ‘kerbtray’ tool from the ‘Windows Resource Kit Tools’ of the old Windows Server 2003. It runs perfectly under XP and allows for easy Kerberos encryption troubleshooting.

Lesson #3: Leave no trace behind

We also did a pentest on our own lab.

Mission: start from the Windows XP machine with a non-privileged account and try to grab the main domain controller.

One outcome that we did not see coming: do not log in with a domain admin on your Windows XP! After logging in, you leave local traces of credentials behind and our pentester was able to use those traces to become domain admin on Windows XP.

From there it was very easy to jump to the RODC and from the RODC to the main domain controller.

To avoid this, one should make separate users in their Active Directory that are only used to access the Windows XP machines. If they need admin rights, you can grant them local admin rights on Windows XP, but keep your Domain Admins shielded.

So not the RODC, not the RC4 encryption, not the SMBv1 proved to be the main vulnerabilities, but a logical flaw in the setup of the identity and access management. Do not make that same mistake!
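
One way to watch for the mistake from Lesson #3, and for the RC4 exception made for the RODC spreading beyond the isolation zone, as an added example that is not part of the original post. It assumes Kerberos TGT requests (Security event 4768) from the domain controllers have been exported as dictionaries with the event's field names; the account names and the sample events are constructed.

```python
import ipaddress

LEGACY_ZONE = ipaddress.ip_network("10.2.0.48/28")  # MB01 subnet of the lab
DOMAIN_ADMINS = {"jdoe-adm"}            # hypothetical privileged account
XP_ONLY_ACCOUNTS = {"xp-emustermann"}   # hypothetical dedicated XP account
RC4_HMAC = "0x17"                       # TicketEncryptionType value for RC4-HMAC

# Constructed events using field names of Security event 4768.
EVENTS = [
    {"EventID": 4768, "TargetUserName": "JDoe-ADM", "Status": "0x0",
     "IpAddress": "::ffff:10.2.0.52", "TicketEncryptionType": "0x17"},
    {"EventID": 4768, "TargetUserName": "xp-emustermann", "Status": "0x0",
     "IpAddress": "::ffff:10.2.0.52", "TicketEncryptionType": "0x17"},
    {"EventID": 4768, "TargetUserName": "xp-emustermann", "Status": "0x0",
     "IpAddress": "::ffff:10.2.0.20", "TicketEncryptionType": "0x12"},
    {"EventID": 4768, "TargetUserName": "dcobb", "Status": "0x0",
     "IpAddress": "::ffff:10.2.0.21", "TicketEncryptionType": "0x17"},
    {"EventID": 4768, "TargetUserName": "jdoe-adm", "Status": "0x6",
     "IpAddress": "::ffff:10.2.0.52", "TicketEncryptionType": "0xffffffff"},
    {"EventID": 4768, "TargetUserName": "jdoe-adm", "Status": "0x0",
     "IpAddress": "10.2.0.20", "TicketEncryptionType": "0x12"},
]


def client_ip(raw):
    """Parse the client address; IPv4 clients appear as ::ffff:a.b.c.d."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None  # e.g. "-" when no address was recorded
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def review_tgt_requests(events):
    """Return (rule, account, client IP) for every successful TGT request
    that breaks the identity rules of the isolation setup."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4768 or ev.get("Status") != "0x0":
            continue  # only successful ticket requests
        user = ev.get("TargetUserName", "").lower()
        ip = client_ip(ev.get("IpAddress", ""))
        if ip is None:
            continue
        from_legacy = ip in LEGACY_ZONE
        # A Domain Admin typed credentials on a legacy machine (Lesson #3).
        if from_legacy and user in DOMAIN_ADMINS:
            alerts.append(("PRIVILEGED_LOGON_FROM_LEGACY_ZONE", user, str(ip)))
        # The dedicated XP accounts must never be used anywhere else.
        if not from_legacy and user in XP_ONLY_ACCOUNTS:
            alerts.append(("XP_ONLY_ACCOUNT_USED_ELSEWHERE", user, str(ip)))
        # RC4 tickets are tolerated for the legacy zone only.
        if not from_legacy and ev.get("TicketEncryptionType") == RC4_HMAC:
            alerts.append(("RC4_TGT_OUTSIDE_LEGACY_ZONE", user, str(ip)))
    return alerts


if __name__ == "__main__":
    for rule, user, ip in review_tgt_requests(EVENTS):
        print(f"{rule}: {user} from {ip}")
```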

That’s it!

Well, actually, no. That’s not it, because I could continue for many hours on everything else the lab has taught us, like:

  • How group policy works inside and outside the isolation zone;
  • The importance of configuring Active Directory Sites & Services;
  • The Key Distribution Center of the RODC and the special krbtgt account that goes with it;
  • The Windows November 2022 encryption security update forcing higher encryption levels and circumventing this hardening on your RODC;
  • And of course, how we actually implemented the full setup in the real production network.

Want to know more about legacy systems, and how to keep them safe? Send us a message.

Keep it secure!

Chris

Strength in collaboration: how Aikido empowers Cronos Security and competence centers to move faster and safer

https://cronossecurity.eu/strength-in-collaboration-aikido/ (Wed, 23 Apr 2025 09:52:14 +0000)

Cybersecurity has shifted from being purely reactive to actively supporting new business initiatives. At Cronos Security, we see security not just as a safeguard, but as an enabler for fast, confident development. That mindset is what drives our partnership with Aikido: a collaboration that helps our teams build securely, without slowing down.

Aikido’s developer-first approach to application security has proven invaluable for several of our competence centers. Two standout examples?
Kunlabora and SecWise – both have harnessed Aikido’s platform to transform how they manage security risks while accelerating product development.

Kunlabora: security without the bottlenecks

As a digital product studio within Cronos, Kunlabora is known for building high-quality custom applications. But as they scaled, the need for a more efficient security process became clear. Traditional tools were noisy and slowed the team down with false positives and irrelevant alerts.

That changed when Kunlabora adopted Aikido. Thanks to Aikido’s centralized dashboard, multi-source integration, and developer-friendly interface, their engineers could finally see and act on only the issues that truly mattered. No more endless digging. No more irrelevant noise.

“We see all our open issues and security risks in one single platform,” says Kunlabora. “Aikido helped us significantly reduce our time-to-fix.”

The result? Faster development cycles, greater peace of mind, and a team that can stay focused on building great products—with security baked in from the start.

SecWise: empowering a security-focused mindset

SecWise, another Cronos powerhouse, specializes in identity, cloud, and Microsoft security services. They’re deeply rooted in best practices and cutting-edge tooling, but they also know that security must evolve alongside development workflows.

For SecWise, Aikido became a catalyst for developer empowerment. With its simple setup and wide coverage, from code flaws to cloud misconfigurations, SecWise was able to shift security left in a way that felt intuitive and collaborative.

“We were up and running within 15 minutes. It’s great to have a platform that both developers and security teams actually enjoy using,” says SecWise.

Aikido’s ability to scan source code, infrastructure, and dependencies in one go meant SecWise could detect and resolve issues earlier, with full context. The platform has enabled a more proactive security culture: one where developers feel equipped, not burdened, by security.

The bigger picture

At Cronos Security, we believe the strongest security postures are built not just on robust tools, but on collaboration, clarity, and developer trust. Aikido embodies all three.

By empowering teams like Kunlabora and SecWise to build securely without slowing down, Aikido has become more than just a vendor. It’s a trusted partner in our mission to deliver secure, scalable innovation within and beyond the Cronos ecosystem.

Want to learn more? Get in touch!

Cyber security in 2025: challenges, trends, and opportunities https://cronossecurity.eu/cyber-security-in-2025-challenges-trends-and-opportunities/ Mon, 24 Feb 2025 11:01:27 +0000


Cyber security in 2025: challenges, trends, and opportunities

As we step into 2025, the cyber security landscape is at a crossroads. Over the past year, we’ve witnessed a surge in sophisticated cyber threats—from advanced ransomware attacks crippling supply chains to the alarming rise of AI-driven scams. These developments have not only exposed critical vulnerabilities but have also underscored the urgent need for stronger cyber security measures. Yet, amid these challenges, there is reason for optimism. Innovations in defensive technologies, increased international collaboration, and the rise of secure digital identities offer promising ways to fortify our digital defenses.

To gain insight into what lies ahead, we spoke with Jonas Buyle, Business Manager at Cronos Security, about the key cyber security challenges of 2025 and the opportunities that come with them.

The race for the ultimate platform 

Q: Jonas, great to have you with us. Let’s start with a broad question—how do you see the cyber security landscape evolving in 2025? What major trends stand out?

Jonas: One of the most significant trends is the consolidation of niche functionalities into larger, standardized platforms. Major vendors are acquiring or integrating capabilities to create all-in-one ecosystems. While this offers convenience, it also results in more closed systems, reducing interoperability and limiting collaboration between platforms.

This consolidation also increases security risks. A monoculture of dominant platforms means that vulnerabilities in widely adopted systems can have widespread consequences. The challenge will be balancing integration with resilience to mitigate these risks.

The darker side of innovation: cybercrime’s new tactics 

Jonas: Another growing concern is the increasing misuse of emerging technologies for malicious purposes. Cyber security, once an issue confined to digital spaces, now extends into the physical world. Cyberattacks are increasingly weaponized, causing real-world disruptions with far-reaching consequences.

Quantum Computing: a game-changer for cyber security 

Q: Speaking of future trends, what’s your take on quantum computing and its potential impact on cyber security?

Jonas: By 2025, quantum computing is expected to pose a significant threat to today’s encryption standards, such as RSA and ECC. Quantum computers can process massive amounts of data at unprecedented speeds, making it possible to break current cryptographic systems. This puts sensitive data—financial transactions, personal information, and intellectual property—at risk, potentially shaking the foundations of digital trust.

To prepare, businesses need to transition to quantum-safe encryption methods. These new cryptographic techniques are designed to withstand quantum attacks, ensuring data remains secure even as quantum technology advances. The real challenge will be adopting these solutions before quantum threats become mainstream.

Compliance, collaboration, and the future of cyber security regulation 

Q: How crucial is compliance and regulation in Cronos Security’s approach, and do you anticipate regulatory changes in 2025?

Jonas: Compliance and regulation are at the core of our cyber security strategy. Regulatory frameworks establish a security baseline, fostering trust between businesses, governments, and consumers. In 2025, we expect to see stricter data protection laws, increased breach reporting obligations, and new mandates governing AI security. Organizations must be proactive in adapting to these evolving requirements to ensure compliance while maintaining operational resilience.

Q: Do you see opportunities for collaboration between companies and governments to improve cyber security in 2025?

Jonas: Absolutely. Cyberthreats are evolving too fast for any single entity to tackle alone. Public-private partnerships will be crucial for sharing threat intelligence, coordinating incident responses, and developing joint defense strategies. We’re already seeing increased collaboration across sectors.

At Cronos Security, we firmly believe in the power of alliances. In 2025, we will continue strengthening our partnerships with Aikido Security, Keepit, Ceeyu, and Becode while actively exploring new collaborations that bring added value. Beyond external partnerships, we are also fostering internal alliances that drive mutual growth and innovation. By working closely with both established and emerging security players within the vast Cronos ecosystem, we aim to create a resilient, forward-thinking security landscape that benefits our clients and partners alike.

Cyber security as a business imperative 

Q: Will companies view cyber security as a more critical priority in 2025?

Jonas: Without a doubt. The increasing frequency and sophistication of cyberattacks mean that organizations can no longer afford to treat cyber security as an afterthought. Executive boards are now recognizing cyber security as a fundamental business function rather than just a technical issue. This shift will drive greater investments in cyber resilience strategies and embed security into every aspect of business operations.

The human factor: awareness and training 

Q: How important will cyber security awareness and employee training be in 2025?

Jonas: Human error remains one of the weakest links in cyber security. In 2025, awareness and training will be more crucial than ever. Employees are the first line of defense, so organizations must invest in continuous education on emerging threats, phishing tactics, and secure data handling. AI-driven training tools and interactive simulations will play a major role in making security awareness more engaging and effective.

Q: How does Cronos Security ensure its own team stays ahead of evolving cyber security threats?

Jonas: We follow a continuous learning model. Our team undergoes regular training, earns certifications, and participates in leading cyber security conferences. We also foster an internal culture of knowledge-sharing, where team members routinely discuss new threats, vulnerabilities, and mitigation strategies.

The Cronos Security approach: proactive defense 

Q: How is Cronos Security preparing for the evolving cyber threat landscape in 2025?

Jonas: We take a proactive approach by constantly refining our security strategies to anticipate future threats. We also work closely with clients to enhance their cyber resilience, providing tailored security frameworks that align with their specific risk profiles.

Q: What sets Cronos Security apart from others?

Jonas: Our strength lies in our comprehensive approach. With a broad network of competence centers, we don’t just offer security tools—we deliver end-to-end cyber resilience strategies tailored to each client’s needs. Our deep expertise in both offensive and defensive security allows us to anticipate and neutralize threats before they materialize. Additionally, our commitment to collaboration, innovation, and regulatory compliance ensures we provide cutting-edge solutions in an ever-changing threat landscape.

Looking ahead: a safer digital future 

As we navigate the complexities of 2025, one thing is clear: cyber security remains a top priority for businesses worldwide. While threats continue to evolve, organizations can stay ahead by embracing a combination of compliance, innovation, collaboration, and awareness. Cronos Security is committed to leading the charge in building a safer digital future.

10 years of the Cyber Security Coalition: the fight against cybercrime continues unabated https://cronossecurity.eu/10-years-of-the-cyber-security-coalition/ Fri, 21 Feb 2025 13:09:46 +0000


10 years of the Cyber Security Coalition: the fight against cybercrime continues unabated

The Cyber Security Coalition is celebrating its 10th anniversary. What started in 2015 as a modest ‘coalition of the willing’ has grown into a thriving community with over 1,000 members. ‘The Cyber Security Coalition was founded on a simple yet powerful idea: collaboration is essential to tackling cyber threats. With an influential network of cybersecurity professionals, we have strengthened innovation and resilience throughout Belgium. But our work is far from finished,’ says Jan De Blauwe, Chairman of the Coalition since 2017.

Belgium was one of the first European countries to establish an innovative triple helix collaboration between the private sector, government, and academia with the Coalition’s inception in 2015. The 10th anniversary was celebrated yesterday in Brussels, attended by leading cybersecurity experts, policymakers, researchers, and professionals.

‘The importance of cooperation between the private, public, and academic sectors cannot be overstated. It is this united front that allows us to stay ahead in the fight against ever-evolving cyber threats and build a secure digital future,’ emphasises Miguel De Bruycker, Managing Director General of the Centre for Cyber Security Belgium (CCB), the federal agency responsible for designing and coordinating Belgium’s cyber strategy. ‘The Cyber Security Coalition is living proof of the power of this partnership, and the CCB, as Belgium’s National Coordination Centre, remains committed to strengthening our collective resilience together with this dynamic community.’

“Every week, companies face over 1,000 cyberattacks, making cybersecurity a critical and costly part of their daily operations. As threats continue to evolve, businesses must stay vigilant. As a founding member of the Coalition, FEB is committed to being an active partner in the fight against cyber threats,” adds Pieter Timmermans, CEO of the Federation of Enterprises in Belgium (FEB).

Five priorities for the coming years

While the Coalition continues to grow, its mission remains unchanged: strengthening cyber resilience through awareness, networking, and knowledge sharing. Chairman Jan De Blauwe states: ‘In the coming years, we aim to further expand our network, particularly in key industries such as the chemical, pharmaceutical, and logistics sectors—areas that are currently underrepresented in our community.’

To make Belgium even stronger and more resilient, the Cyber Security Coalition has identified five key priorities for the coming years:

1. Protecting our democracy remains a top priority. In an era of increasing cyber threats and disinformation, we must secure our institutions and democratic processes. This requires enhanced incident response at all levels—within government, public institutions, and critical sectors. Only through swift and coordinated action can we effectively counter cyberattacks.

2. Targeted investments in cybersecurity expertise are essential in both academia and the private sector to ensure Belgium possesses the necessary knowledge and resources to protect products and services in line with international standards.

3. Closer collaboration between research, industry, and government will drive innovation and reduce our dependence on foreign technologies. Additionally, we must support start-ups and promote innovation through strategic public procurement and closer cooperation with EU partners.

4. Staying ahead in emerging technologies is crucial. AI and quantum computing are dramatically transforming the threat landscape for businesses and government services. We must therefore develop a national cryptography strategy, with a focus on crypto-agility and a smooth transition to post-quantum cryptography, in close collaboration with the European cybersecurity agency ENISA.

5. Comprehensive protection of the supply chain is necessary. Vulnerabilities in a single link can endanger entire networks. Therefore, it is crucial to support SMEs in strengthening their cyber resilience. Targeted awareness campaigns, smart procurement strategies, and closer cooperation with EU partners will play a key role in this effort.

‘By focusing on these strategic pillars, we are positioning Belgium as a leader in cybersecurity. We are building a digital environment that is not only resilient but also progressive, innovative, and secure. The challenges are great, but together we have the expertise, vision, and determination to tackle them,’ concludes Jan De Blauwe, Chairman of the Cyber Security Coalition.

About the Cyber Security Coalition

The mission of the Cyber Security Coalition is to strengthen Belgium’s cyber resilience by building a robust national cybersecurity ecosystem. This is achieved by bringing together the expertise of academia, businesses, and government on a trust-based platform focused on promoting information sharing, operational peer-to-peer collaboration, formulating recommendations for more effective policies and guidelines, and ultimately conducting joint awareness campaigns for citizens and organisations. More than 1,000 representatives from our 199 member organisations participate in our activities and contribute to our mission.

Want to learn more? Download the Trends Book, featuring an interview with Rutger Saelmans, member of the Coalition’s Focus Group on Cyber Incident Detection and Response.

How to protect yourself when using public Wi-Fi https://cronossecurity.eu/how-to-protect-yourself-when-using-public-wi-fi/ Tue, 26 Nov 2024 14:13:35 +0000


How to protect yourself when using public Wi-Fi

Public Wi-Fi is everywhere—whether you’re at airports, cafés, hotels, or your favorite bookstore. It’s convenient, but these free connections often come with significant security risks. Hackers can exploit unsecured networks to steal your sensitive information.

Want to stay safe while surfing? By understanding the risks and taking a few simple steps, you can protect your personal and professional data on public Wi-Fi.

The risks of public Wi-Fi

Public Wi-Fi networks are often unsecured, meaning anyone can join. In fact, McAfee’s research shows that 40% of users have experienced data breaches while using public Wi-Fi.

But how exactly do hackers take advantage of these networks?

  • Man-in-the-middle (MITM) attacks: hackers can intercept your data if you’re not careful. Instead of your device communicating directly with the Wi-Fi hotspot, the hackers can position themselves between you and the network. This allows them to steal sensitive information like passwords, credit card details, and emails.
  • Fake hotspots (Evil Twin Networks): hackers often set up networks with names that look like legitimate public hotspots, such as “Free_Wifi_Hotel.” When you connect, they can intercept all your internet traffic, steal your data, and track your online activity.
  • Malware distribution: if your device allows file sharing over a public network, hackers can easily inject malware or keyloggers. These programs can track everything you type—including passwords—and send that data back to the hacker.
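The fake-hotspot risk described above can be checked from the defender's side by comparing what a Wi-Fi scan sees against the networks an organization actually operates. The following is an added example, not part of the original article: the network names, BSSIDs and the `TRUSTED` profile format are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Relative strength of the advertised security mode (higher is stronger).
RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

# Characters commonly swapped so that a name looks the same at a glance.
CONFUSABLES = str.maketrans(
    {"0": "o", "1": "i", "l": "i", "|": "i", "3": "e", "5": "s"}
)


@dataclass(frozen=True)
class Beacon:
    """One network seen in a Wi-Fi scan (hypothetical record format)."""
    ssid: str
    bssid: str
    security: str


def normalize(ssid: str) -> str:
    """Fold case, look-alike characters and separators into one canonical form."""
    folded = ssid.lower().translate(CONFUSABLES)
    return re.sub(r"[^a-z0-9]", "", folded)


def assess(beacons, trusted):
    """Return (ssid, bssid, reasons) for every beacon that deserves a closer look.

    An allowlisted BSSID is not proof of authenticity on its own; this check only
    surfaces the cheap-to-spot cases: unknown access points, weaker security than
    the real network advertises, and names that imitate a trusted one.
    """
    canonical = {normalize(name) for name in trusted}
    findings = []
    for b in beacons:
        reasons = []
        if b.ssid in trusted:
            profile = trusted[b.ssid]
            if b.bssid.lower() not in profile["bssids"]:
                reasons.append("unknown-bssid")
            if RANK.get(b.security, 0) < RANK[profile["security"]]:
                reasons.append("security-downgrade")
        elif normalize(b.ssid) in canonical:
            reasons.append("lookalike-ssid")
        if reasons:
            findings.append((b.ssid, b.bssid, reasons))
    return findings


# Constructed sample data: one legitimate network and four observed beacons.
TRUSTED = {
    "Hotel_Guest": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA3",
    }
}
SAMPLE = [
    Beacon("Hotel_Guest", "aa:bb:cc:00:00:01", "WPA3"),   # the real access point
    Beacon("Hotel_Guest", "de:ad:be:ef:00:01", "OPEN"),   # same name, unknown AP, open
    Beacon("H0tel-Guest", "de:ad:be:ef:00:02", "OPEN"),   # imitation of the name
    Beacon("CoffeeShop", "11:22:33:44:55:66", "WPA2"),    # unrelated network
]

if __name__ == "__main__":
    for ssid, bssid, reasons in assess(SAMPLE, TRUSTED):
        print(f"{ssid} ({bssid}): {', '.join(reasons)}")
```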

Are all public Wi-Fi networks unsafe?

Not all public Wi-Fi networks are equally unsafe, but they always carry some level of risk. While many public networks are open and unsecured, some offer better protection, such as those with WPA3 encryption.

WPA3 encryption is a newer standard that significantly improves the security of Wi-Fi networks. Unlike WPA2, WPA3 makes it harder for hackers to intercept or crack passwords, and it also secures communication between your device and the router. These networks are much safer than open networks, but they are not completely foolproof. For example, if you use a public WPA3 network with weak or poorly implemented configurations, hackers could still find ways to exploit vulnerabilities. Additionally, even with WPA3, a hacker could potentially use a Man-in-the-Middle (MITM) attack if they gain control over the network, making it critical to stay cautious.

While WPA3 networks are more secure, it’s always wise to take extra precautions. Even a seemingly secure network can be compromised if a hacker gains access to the router or if the network’s settings are not optimized for security.

To maximize safety, you should always use a VPN and avoid entering sensitive information unless you’re on a trusted, private connection. Even with WPA3, public Wi-Fi should be used cautiously, as no network is completely safe. 

7 tips to keep yourself safe on public Wi-Fi

Since public Wi-Fi is a bit like the Wild West, taking a few simple steps to protect yourself isn’t a frivolous luxury. Here’s what you can do:

  1. Use a VPN (Virtual Private Network)
    A VPN creates a secure, encrypted tunnel for all your internet traffic. Even if you accidentally connect to a hacker’s network, they can’t read or alter your data. The best part? A VPN also hides your location and IP address, making it harder for hackers to track you.
  2. Enable HTTPS
    Always make sure the websites you visit are using HTTPS (the secure version of HTTP). This encryption ensures that any data sent between your device and the website is protected from prying eyes. Set your browser to “always use HTTPS” for added protection.
  3. Turn off file sharing
    When connected to public Wi-Fi, disable file-sharing settings on your device. This prevents hackers from accessing files on your device or installing malicious software. It’s a simple yet effective step to avoid unwanted intrusions.
  4. Turn off Wi-Fi when not in use
    Even if you’re not actively using Wi-Fi, your device might still be broadcasting data to nearby networks. By turning off your Wi-Fi when you’re not using it, you reduce the chances of connecting to a malicious network. Plus, your device’s battery will last longer!
  5. Avoid sensitive activities
    Avoid accessing banking sites, entering passwords, or making purchases while connected to public Wi-Fi. If you need to complete sensitive tasks, wait until you’re on a secure, private network.
  6. Enable your firewall
    Your device’s firewall acts as a barrier, monitoring incoming traffic and blocking malicious connections. Most devices come with a built-in firewall that’s easy to activate, so be sure it’s turned on.
  7. Update your software regularly
    Software updates often include security patches that fix vulnerabilities hackers could exploit. Keep your devices up to date to ensure you’re protected against the latest threats.

By following these tips, you can make your experience on public Wi-Fi much safer. Enjoy the convenience of free networks without compromising your data security.

Want more tips? Connect with us on LinkedIn for additional (Wi-Fi) security tips!

Interview: the crucial synergy between IT and OT security for comprehensive protection https://cronossecurity.eu/interview-synergy-between-it-and-ot-security/ Thu, 03 Oct 2024 14:19:52 +0000


Interview: the crucial synergy between IT and OT security for comprehensive protection

As industries embrace digital transformation, the need for robust cybersecurity has become more critical than ever. While many businesses focus on securing their IT systems, those in sectors like manufacturing and utilities must also protect their Operational Technology (OT)—the systems controlling industrial processes. Traditionally, IT and OT were distinct domains, but today they are converging into a single digital ecosystem, requiring a new, integrated approach to security.

We specialize in providing advanced cybersecurity services across five key pillars: Identify, Protect, Detect, Respond, and Recover. By partnering with SoterICS, the OT security expert within the Cronos Group, we can deliver holistic solutions that safeguard both IT and OT environments. This combined expertise enables organizations to develop comprehensive cybersecurity strategies that address the full spectrum of digital threats.

IT-OT security integration: a unified approach

The collaboration between Cronos Security and SoterICS exemplifies how IT and OT security can be seamlessly integrated. Through passive network monitoring, contextual analysis, adaptive learning, and staff training, they create solutions that protect operational systems without disrupting processes. Their approach is tailored to industries where OT is critical, ensuring that cybersecurity measures safeguard both the digital and physical aspects of an organization.

Key takeaways for organizations

For businesses looking to strengthen their cybersecurity, the following insights are crucial:

  1. Treat IT and OT as interconnected parts of a single ecosystem.
  2. Ensure security solutions are context-aware and adaptable to evolving threats.
  3. Invest in knowledge transfer and staff training for effective system management.
  4. Partner with experts that provide both IT and OT security expertise.

As digitalization continues, the need for integrated IT-OT security will grow. Organizations that adopt a proactive, unified approach will be better equipped to navigate future cybersecurity challenges.

You can read the full interview in Kompas Industrie (Knack).

Why Vulnerability Management is Crucial for Your Business https://cronossecurity.eu/why-vulnerability-management-is-crucial-for-your-business/ Thu, 05 Sep 2024 09:34:32 +0000


Why Vulnerability Management is Crucial for Your Business

Every month, approximately 2,900 new vulnerabilities are discovered, threatening IT infrastructures worldwide. The question isn’t if your company will be targeted but when. Without a proactive approach, your IT infrastructure and sensitive client data are constantly at risk. So, how can businesses protect themselves against this flood of vulnerabilities?

The Foundation of Cybersecurity: Vulnerability Management

At Cronos Security, we understand that Vulnerability Management (VM) isn’t just an option—it’s a necessity. It’s a fundamental pillar in your organization’s security architecture, designed to protect your business from potential breaches. VM provides a clear, comprehensive view of the vulnerabilities in your technical landscape, allowing you to effectively manage and mitigate risks. By aligning VM with your organization’s risk appetite, we help you strengthen your cyber resilience and ensure compliance with regulatory frameworks like ISO 27001, NIS2, and CIS.

Who Benefits from Vulnerability Management?

Vulnerability Management isn’t just a technical task—it’s a strategic initiative that brings value across various levels of your organization. Whether you’re a CISO, a security manager, an IT leader, or an engineer, VM offers tailored benefits. Identify your role below and discover how VM can help you meet your objectives:

  • CISO (Chief Information Security Officer):
    Your goal: Oversee the organization’s security posture and ensure compliance.
    VM advantage: VM gives you the visibility and data needed to make informed decisions about resource allocation and risk management. It also supports you in demonstrating due diligence to the board and meeting regulatory requirements. When advocating for VM, highlight how it directly contributes to reducing the organization’s overall risk and maintaining compliance.
  • Security Manager or Team Leader:
    Your goal: Direct your team’s efforts efficiently and address the most critical security threats.
    VM advantage: VM provides a prioritized view of vulnerabilities, enabling you to focus on the most critical issues. It also helps coordinate efforts across teams, ensuring remediation tasks are tracked and completed on time. When discussing VM with peers, emphasize how it streamlines workflows and makes your team’s efforts more effective.
  • IT Manager:
    Your goal: Ensure the health and security of the IT infrastructure.
    VM advantage: VM allows you to proactively identify and address vulnerabilities before they become critical issues, minimizing downtime and ensuring systems stay compliant and secure. When promoting VM to your team, stress how it helps maintain operational continuity and prevents unexpected disruptions.
  • Compliance Officer:
    Your goal: Ensure the organization meets all relevant regulatory requirements.
    VM advantage: VM supports structured compliance efforts by providing a clear process for identifying, prioritizing, and remediating vulnerabilities. This simplifies audits and documentation. To gain support for VM, emphasize how it ensures compliance while reducing the risk of regulatory penalties.
  • Risk Management Professional:
    Your goal: Quantify and manage the organization’s risk profile.
    VM advantage: VM allows you to integrate technical risks into broader risk assessments, providing a more accurate view of the organization’s overall risk. When discussing VM with others, highlight how it offers critical data that supports strategic decision-making and risk reduction.

Why Choose Cronos Security for Your Vulnerability Management Needs?

At Cronos Security, we bring extensive experience from both the public and private sectors in implementing Vulnerability Management. Our team has successfully guided organizations through the complexities of VM, ensuring they are protected against emerging threats and remain compliant with the latest regulations.

Our approach goes beyond deploying tools; we focus on building a sustainable VM capability aligned with your organization’s unique risk profile. We understand the challenges different sectors face, whether navigating stringent public sector regulations or managing the fast-paced demands of the private sector. With our experience, we tailor VM solutions to your specific needs, ensuring smooth implementation and ongoing support.

What Do You Need to Start Vulnerability Management?

Effectively managing vulnerabilities starts with scanning your IT assets for potential weaknesses. However, the process involves several key steps and considerations:

  1. Define Your Scope:
    Decide which assets will be included in the VM process—servers, workstations, network devices, and more. It’s crucial to establish clear roles, responsibilities, and the necessary resources to reach your desired VM maturity level.
  2. Build an Asset Inventory:
    Before scanning for vulnerabilities, ensure you have a complete inventory of your assets. Use tools like Lansweeper or Nmap to discover all assets, including shadow IT. Accurate asset discovery is critical, especially in environments with dynamic IP addresses (such as laptops and mobile devices).
  3. Acquire a Vulnerability Scanning Tool:
    A vulnerability scanner is the heart of your VM capability. The market offers a range of tools, from basic scanners to comprehensive platforms that integrate with patch management, incident response, and risk management. Carefully selecting the right tool based on your requirements, budget, and resources is key.
  4. Configure the Scanner:
    After acquiring the necessary licenses, configure the scanner to meet your needs. Consider factors like network accessibility, scanner placement, user access, and scan frequency. Proper setup ensures thorough coverage and effective scanning.
  5. Execute the Vulnerability Management Process:
    Follow the six steps of VM to identify and address vulnerabilities:

    • Discovery: Use the scanner to detect vulnerabilities.
    • Prioritization: Assess and prioritize vulnerabilities based on their potential impact on your business.
    • Evaluation: Analyze prioritized vulnerabilities and determine the appropriate remediation strategy.
    • Remediation: Implement the agreed-upon remediation actions.
    • Validation: Confirm that remediation was successful.
    • Reporting, Monitoring & Review: Set KPIs, involve management, and continuously improve the VM process.
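The dynamic-IP caveat in step 2 affects how scan coverage is measured in step 5. The following is an added example, not code from the original article or from any tool it names: it credits each scan to the device that held the address on that day instead of joining on IP alone. All sweep records, scan targets, hostnames and the approved-device list are constructed, and using the MAC address as the stable identifier is an assumption.

```python
# Constructed discovery sweeps: (date, ip, mac, hostname). Not real data.
SWEEPS = [
    ("2024-09-02", "10.0.5.21", "aa:bb:cc:00:00:01", "laptop-anna"),
    ("2024-09-03", "10.0.5.37", "aa:bb:cc:00:00:01", "laptop-anna"),  # new DHCP lease
    ("2024-09-02", "10.0.1.10", "aa:bb:cc:00:00:02", "srv-files"),
    ("2024-09-03", "10.0.1.10", "aa:bb:cc:00:00:02", "srv-files"),
    ("2024-09-03", "10.0.5.21", "aa:bb:cc:00:00:03", "laptop-bram"),  # lease reused
    ("2024-09-03", "10.0.9.80", "aa:bb:cc:00:00:04", "unknown-nas"),  # unapproved device
]
# Constructed scan log: (date, ip) targets the scanner actually reached.
SCANS = {("2024-09-02", "10.0.5.21"), ("2024-09-02", "10.0.1.10"),
         ("2024-09-03", "10.0.1.10")}
# Assumed list of approved devices, keyed by MAC address.
APPROVED = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"}


def hostnames(sweeps):
    """Map each MAC (the stable identifier here) to its last seen hostname."""
    return {mac: host for _, _, mac, host in sweeps}


def naive_gaps(sweeps, scans):
    """IP-only join: an asset counts as scanned if any IP it ever held was scanned."""
    scanned_ips = {ip for _, ip in scans}
    covered = {mac for _, ip, mac, _ in sweeps if ip in scanned_ips}
    names = hostnames(sweeps)
    return sorted(names[m] for m in names if m not in covered)


def lease_aware_gaps(sweeps, scans):
    """Join on (date, ip): a scan is credited to the device holding the lease that day."""
    covered = {mac for date, ip, mac, _ in sweeps if (date, ip) in scans}
    names = hostnames(sweeps)
    return sorted(names[m] for m in names if m not in covered)


def shadow_it(sweeps, approved):
    """Devices seen on the network that are missing from the approved list."""
    names = hostnames(sweeps)
    return sorted(names[m] for m in names if m not in approved)


if __name__ == "__main__":
    print("IP-only gaps:    ", naive_gaps(SWEEPS, SCANS))
    print("Lease-aware gaps:", lease_aware_gaps(SWEEPS, SCANS))
    print("Unapproved:      ", shadow_it(SWEEPS, APPROVED))
```

The IP-only join reports laptop-bram as covered because it inherited an address that was scanned while another laptop held it; the lease-aware join lists it as never scanned.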

Conclusion

In today’s ever-evolving cybersecurity landscape, Vulnerability Management isn’t just another task—it’s a vital defense mechanism. By integrating VM into your organization’s cybersecurity framework, you strengthen your defense against the multitude of digital threats. At Cronos Security, we have the expertise to guide you through this process, ensuring your organization remains protected and compliant with industry standards.

10 reasons why you should outsource your cybersecurity https://cronossecurity.eu/10-reasons-why-you-should-outsource-your-cybersecurity/ Wed, 07 Aug 2024 09:27:08 +0000


10 reasons why you should outsource your cybersecurity

Cybersecurity is now a critical component of any business operation. Whether you’re operating on a large scale or as a small business, the complexity and frequency of cyber threats continue to increase. While large organizations often have the resources to maintain extensive in-house cybersecurity teams, this is a challenge for many small and medium-sized enterprises (SMEs).

Here are 10 situations where outsourcing cybersecurity can be a smart choice and how specialized service providers can help you:

Limited Internal Expertise 

Many SMEs struggle to assemble a full team of cybersecurity experts. The knowledge and experience required are often scarce and expensive to retain. By partnering with specialized service providers, businesses can access advanced technologies and expertise that would otherwise be unattainable. Our experts ensure your systems remain up-to-date and protected against the latest threats. 

Cost-Effectiveness

Building and maintaining a full-time in-house cybersecurity team entails significant costs. Salaries, training and infrastructure represent a hefty investment. Outsourcing offers a cost-efficient alternative, where you only pay for the services needed without the overhead of permanent staff and expensive infrastructure. This way, you optimize your budget and still get the best security. 

Focus on Core Business 

For most SMEs, focusing on their core business is essential for growth and success. By outsourcing cybersecurity, you can focus your resources and energy on business development and innovation without the worry of cybersecurity complexity. You focus on your business and your expertise—we focus on managing your security, our expertise. 

Scalability 

Cybersecurity needs can fluctuate depending on your business’s growth and development. Outsourcing provides the flexibility to adjust security efforts according to your organization’s needs without worrying about hiring or firing employees. We ensure that your security is always tailored to your current situation. 

24/7 Monitoring and Incident Response 

Many specialized security service providers offer 24/7 monitoring and incident response. For internal teams, this can be challenging, given staffing levels and workloads. Outsourcing ensures immediate action against threats, regardless of the time of day. With an external team on your side, you don’t have to worry about an out-of-hours attack.  

Access to Advanced Tools and Technologies 

Cybersecurity specialists have access to and knowledge of the latest and most advanced tools and technologies. For many companies, these tools are prohibitively expensive to purchase and maintain. By partnering with an external provider, you gain access to these tools without the high costs, ensuring your security remains up-to-date. 

Regulatory Compliance

In certain industries, there are strict legal requirements for data security. Failure to comply with these can have serious consequences. Outsourcing to experts familiar with these regulations helps you stay compliant and avoid costly penalties or legal issues. We ensure your business complies with all relevant regulations and standards. 

Threat Intelligence 

Cybersecurity specialists often have access to extensive information on current threats. They proactively address potential threats, keeping your business better protected against potential attacks. Our team continuously monitors the threat environment and adapts your security strategy accordingly. 

Risk Management

Outsourcing helps companies manage and mitigate risk by leveraging the experience and resources of specialized security service providers. This reduces the impact of cyber incidents and helps minimize damage. We help you identify and manage risks to ensure your business continuity. 

Incident Response and Recovery

In the event of a cyberattack, it is crucial to have an experienced team ready for incident response and recovery. External teams often bring experience and can act quickly and effectively to minimize damage and restore business operations. With our incident response team, you can be confident that your business will be up and running again quickly after an incident. 

Outsourcing cybersecurity offers numerous benefits that can help protect your business from growing cyber threats. By using specialized security service providers’ expertise, tools and technologies, you can strengthen your security posture while optimizing costs. Investing in cybersecurity and protecting your business from tomorrow’s threats is a necessary step every business should take! 

This article was written by nFuse, one of our Cronos Security partners.
