FAQ on Spear Warnings

The Centre for Cybersecurity Belgium (CCB) is the national authority for cybersecurity in Belgium. The CCB supervises, coordinates, and monitors the application of the Belgian cyber security strategy. Through optimal information exchange, companies, the government, providers of essential services and the population can protect themselves appropriately.

The CCB was established by Royal Decree of 10 October 2014 and operates under the authority of the Prime Minister.

Safeonweb@work is an initiative of the CCB aimed at Belgian companies and organisations. Its aim is to strengthen the cybersecurity of Belgian companies and organisations by providing them with advice, recommendations, and tools by means of various services, enabling them to identify and mitigate the vulnerabilities of their systems and to be alerted to cyberthreats.

A vulnerability is a weakness in an IT system that can be exploited by an attacker to perform a successful attack.

Ransomware is a type of malicious software designed to block access to a computer system by encrypting it until a sum of money is paid.

If you do not have a designated IT professional in your organisation, we recommend contacting a company that can help with the remediation of the issue.

We recommend following the preventive measures described in the CyberFundamentals Framework designed by the CCB. It offers concrete measures to protect your data, significantly reduce the risk of the most common cyber attacks and increase your organisation’s cyber resilience. Depending on the cybersecurity maturity level of your organisation, four diverse levels of the Framework are available to start from: https://atwork.safeonweb.be/tools-resources/cyberfundamentals-framework.

Traffic Light Protocol (TLP) is a standardized system for classifying and managing sensitive information. It is used by organisations to protect sensitive data and to ensure that information is only shared with those who need to know. TLP:AMBER is used when information requires support to be effectively acted upon, yet carries risks to privacy, reputation or operations if shared outside of the organisations involved. It is advised you limit the amount of people accessing these documents to the ones that can help remediate the problem.

If you wish to be alerted for future threats via other contact details, we recommend you register for our safeonweb@work service. This also ensures you will always be notified if there is a threat detected in your infrastructure.

Dates between collection and dissemination of the letters can vary. Collection of the information is sometimes done in advance of the planned dissemination date. Additionally, depending on the vulnerability, we cannot always detect if your systems have the right patches applied. In case of doubt, we always proceed further, to not let a potential risk vector slip by unnoticed. If you have more questions regarding our services and what we can offer to your organisation, visit our support page at: https://atwork.safeonweb.be/support.