Fast Facts
- The Centre for Cybersecurity Belgium (CCB) reported an 80% increase in incident disclosures in 2025, driven by the NIS2 directive promoting transparency, not necessarily an actual rise in attacks, with data revealing a complex threat landscape involving cybercrime, nation-state activity, and supply chain risks.
- Account compromise and phishing dominate attack vectors, with sophisticated campaigns combining email and messaging to target human vulnerabilities, while ransomware incidents, though stable in number, have become more damaging through increased extortion tactics.
- State-linked threats, especially pro-Russian hacktivist DDoS campaigns, remain active but limited in impact, thanks to effective rapid response procedures like Belgium’s ‘Red Button,’ demonstrating the importance of coordinated defense efforts.
- Key systemic risks include rapid exploitation of vulnerabilities (average 5 days to active attack), supply chain compromises, and credential theft, prompting recommendations for strengthened identity controls, faster patching, improved DDoS resilience, and ongoing user awareness.
Underlying Problem
In 2025, the Centre for Cybersecurity Belgium (CCB) reported a significant increase in cyber incidents and reporting activity. This surge, which rose by approximately 80%, did not necessarily mean more attacks but reflected broader participation from organizations due to the enforcement of the NIS2 directive. This directive has led to greater transparency, with organizations becoming more aware of their cybersecurity obligations and detection capabilities improving. As a result, Belgium’s critical sectors are experiencing a mix of cybercrime, state-linked activities, and supply chain risks. Attackers mainly target operational disruptions and data theft by exploiting interconnected systems, with account compromises and phishing remaining the primary methods of entry. Despite the rise in reported incidents, agencies like the CCB have been effective in mitigating impacts through rapid response coordination, highlighting the importance of preparedness and collaboration.
Furthermore, the report emphasizes a shift in attack tactics, with vulnerabilities being exploited faster—in some cases within 24 hours—and cybercriminals increasingly using sophisticated techniques powered by automation and artificial intelligence. Ransomware incidents, although stable in number, have become more damaging as attackers combine encryption, data theft, and extortion. Meanwhile, geopolitical tensions persist, with pro-Russian hacktivist groups targeting Belgian entities through coordinated DDoS campaigns, often timed to geopolitical events. However, the CCB’s ‘Red Button’ system and proactive measures have helped limit the actual damage from these attacks. Overall, the report underscores the evolving threat landscape and advocates for strengthened security measures, rapid patching, and ongoing awareness efforts to counter the rising cyber pressure on critical infrastructure.
Risk Summary
The issue titled “CCB report reveals rising cyber pressure on critical infrastructure as reporting surges under NIS2” highlights how similar challenges can directly impact your business. As cyber threats intensify, the pressure to identify and report vulnerabilities increases—especially under new regulations like NIS2. This surge in reporting means more frequent scrutiny and potential exposure to cyber risks, which can lead to costly disruptions, loss of data, and damage to your reputation. Furthermore, if your business handles essential services or sensitive information, falling behind on cybersecurity or failing to report promptly can result in severe penalties and operational setbacks. Therefore, without proactive measures, your business becomes more vulnerable to cyberattacks, regulatory fines, and loss of customer trust—threatening your long-term stability and success.
Possible Next Steps
In an era where cyber threats are accelerating rapidly, prompt remediation becomes indispensable to safeguarding critical infrastructure. The CCB report highlights a surge in reporting under NIS2, signaling both increased threat awareness and vulnerability exposure. Without swift action, organizations risk devastating disruptions, financial loss, and compromised public safety.
Mitigation Measures
Continuous Monitoring
Implement real-time security monitoring systems to detect anomalies and threats immediately, enabling rapid response to emerging attacks.
Vulnerability Assessments
Conduct regular scans and audits to identify weaknesses proactively, ensuring that remedial steps can be taken before exploitation occurs.
Incident Response Planning
Develop and regularly update a comprehensive incident response plan to streamline action during security breaches and minimize impact.
Patch Management
Ensure timely application of security patches and updates to close vulnerabilities and prevent exploitation by attackers.
Access Control
Enforce strict access controls and multi-factor authentication to limit unauthorized entry and reduce insider threats.
Stakeholder Coordination
Foster collaboration among government agencies, private sector entities, and cybersecurity experts to enable coordinated and swift remediation efforts.
Training & Awareness
Provide ongoing cybersecurity training to staff, emphasizing the importance of timely detection and response to potential threats.
Backup and Recovery
Maintain and regularly test secure backups to facilitate swift recovery from cyber incidents, reducing downtime and data loss.
Continue Your Cyber Journey
Explore career growth and education via Careers & Learning, or dive into Compliance essentials.
Understand foundational security frameworks via NIST CSF on Wikipedia.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1cyberattack-v1-multisource
