Intelligence experts have warned this week that companies in the Netherlands need to be better prepared for cyber attacks originating from countries such as Russia and China. Messages like these repeatedly prove that it is more important than ever to have your security in order. And by “in order” we don’t mean carrying out a single annual penetration test. No, we are talking about continuously testing your organisation’s resilience.
Organisations Overestimate Their Own Resilience
The Cybersecurity Report 2025, which we conducted in collaboration with Solvinity, shows that many organisations still overestimate their own resilience. They also struggle to maintain a structured understanding of their IT environment and to respond to incidents in a timely manner.
According to NOS, malicious actors also target suppliers - especially the weaker links in the chain. Even if your organisation has everything in place, you could still be a potential entry point for major cyber or hybrid attacks. Consider, for example, the data breach at Clinical Diagnostics where the personal details of hundreds of thousands of women taking part in a national health screening programme were stolen. Or the recent hack at Bun, the largest Albert Heijn franchisee, where passports and personnel files containing salary data, sick leave records and performance reviews were stolen.
Annual Pentests Will Not Prevent Attacks
The “affluence disease” (“it won’t happen to me”) mentioned in the NOS article is something we at Securify see daily. Many organisations still rely on annual penetration tests, while attackers operate unpredictably.
A penetration test offers only a snapshot: it tells you how secure you were at the time of testing – but not how secure you will be tomorrow, next week or after your next software update. In a threat landscape where Russia and China deploy new attack vectors every day, that snapshot could already be outdated before the report lands on your desk.
Red Teaming: Test Your Organisation’s Real-World Resilience
Before you start improving your security, you first need to know where you stand. Test your organisation’s current resilience. With Red Teaming, you simulate realistic attacks to discover exactly where you are vulnerable and how effective your defences are in practice. This could include supply chain attacks targeting weak links in your supplier network, precisely the scenario experts in the NOS article describe. A Red Teaming exercise immediately shows how well prepared your organisation is for cyber attacks and how resilient you really are.
From Snapshot to Continuous Monitoring
Once you know your true level of resilience, it’s time to look at improving your security. We now know that annual penetration tests are no longer enough. The need for continuous security checks is critical. Attackers do not wait for your next pen test. This is where Continuous Pentesting comes in. With this approach, you immediately know with every new release, configuration change or update whether new risks have arisen and how to mitigate them. This way, you give hackers no opportunity to exploit potential vulnerabilities.
Insight is Key
This week, NATO parliamentarians met to discuss cyber threats from China and Russia. Yet security adviser Bauer does not expect these parliamentarians to come up with concrete solutions quickly. He notes that it remains difficult to defend effectively against hybrid cyber attacks (including those involving drones) but emphasises the importance of becoming faster and better at detecting and responding to attacks.
At Securify, we believe prevention is always better than cure. Insight is essential: knowing which systems you have, which data must be protected, and where you are vulnerable. With that insight, it becomes easier to take targeted measures in detection and response. Once your preventive security is well established, defenders in the Security Operations Centre (SOC) can also work more effectively.
Take Action with Continuous Security
Threats from China and Russia are not a distant problem. Drone incidents, data leaks at government agencies and sabotage of suppliers are methods used to spread fear, create division and disrupt vital infrastructure.
Without thorough risk analyses and testing methods such as Red Teaming and Continuous Pentesting, you operate reactively, leaving gaps in your defences that make such threats far more likely.
Curious about how you can employ Continuous Pentesting and Red Teaming to protect your organisation 24/7 against cyber attacks? At Securify, we think, understand, work and live like real hackers – and support you from this perspective in your ongoing fight against cybercrime. Contact us today for more information. Contact us now.