“It is a daily game of cat and mouse”

Eli Backs:

As team lead of the Security Operations Center (SOC), Eli Backs monitors DPG Media’s digital environment around the clock, together with his team. “We see ourselves a bit like a police service,” says Backs. “We investigate, protect and advise. Our goal is simple: to prevent problems before anyone is affected.”

The SOC processes vast amounts of data every day. “In essence, we do what a home alarm system does: we continuously check whether someone is trying to get in where they shouldn’t. Examples include phishing emails and attempts to mislead systems.”

It’s important to understand what types of attackers are active. “Sometimes they’re cybercriminals looking to make a quick buck; sometimes they are activists who want to make a statement. And increasingly, they’re highly professional groups, sometimes even backed by states. That makes the playing field more complex.”

“Most attack attempts go unnoticed by colleagues, and that’s exactly the point. Cyberattacks are far more sophisticated than they used to be. You don’t even need to be a technical expert anymore to buy an attack on the dark web. As a result, the number of threats continues to grow.”

“Hackers are opportunists. They go for the easiest target. That’s why we make sure DPG Media is as unattractive as possible to them. We investigate every signal, no matter how small. It really is a game of cat and mouse. Attackers constantly adapt, and so do we. Our work is never done.”

Gert Leenders:

Several years ago, DPG Media closed its own data centres and largely moved its IT infrastructure to the cloud. This supported innovation, as the cloud makes it easier to develop and roll out new ideas quickly. However, this major shift also changed the role of security.

“Security is no longer just the responsibility of one central department, but of all IT teams,” says Gert Leenders. “We now look at security right from the start of every project. This allows us to detect vulnerabilities earlier, work more proactively, and it also reduces costs.”

This increased focus on security is no luxury. “A media company like DPG Media is particularly interesting to malicious actors. We have a large reach and are highly visible. In this era of disinformation and invisible propaganda, that means we’re an attractive target. At the same time, technology is evolving rapidly. The rise of AI is increasing the possibilities for cyberattacks, while our infrastructure is becoming more complex as the company grows.”

“To address these challenges, we have established the SecDevOps community. This brings together developers (Development), operators (Operations) and security specialists (Security). The goal is to build in security from the start rather than adding it afterwards. Teams that have everything well under control receive recognition for this. In this way, we keep our systems both modern and secure.”

Sofie Delaruelle:

Sofie Delaruelle is an IT Risk Controller. Together with the team, she carries out extensive checks. “For every app or tool we build or manage, the responsible teams answer 350 questions,” says Delaruelle. “This ensures that everything meets our strict security requirements and shows us where improvements may still be needed.”

These checks often take several days and not only help identify risks, but also raise awareness of cybersecurity. “A list of 350 questions really makes people think. Sometimes they discover things they hadn’t considered before. Vulnerabilities are assigned to someone within the organisation, so action can be taken. In other words, our work is also proactive: we take measures before anything can happen.”

“We also monitor the security of external parties. DPG Media works with many software suppliers. Before starting a collaboration, we assess whether a supplier meets our security requirements. If there are major issues that can’t be resolved, we advise against working together. In this way, we protect the organisation against threats from external parties.”

In doing so, the team also contributes to a culture in which everyone within DPG Media is more conscious about IT security. “It’s a responsibility we all share.”