‘We need you’: cybersecurity starts with you

05/03/2026 | By

For many people, cybersecurity sounds technical – something for ICT specialists sitting at computers guarding lines of code. Until you receive a suspicious email. Or leave your laptop on the train. Or a system suddenly stops working. Then it becomes something that concerns all of us. We spoke with Sabine Marichal, our ICT Security & Risk Officer, about what is done every day to keep UAntwerp digitally secure and why your behaviour is crucial in that respect.

Cybersecurity isn’t an ICT issue. It’s a culture.

In 2019, UAntwerp was hit by a cyberattack. Everything came to a standstill. In a painful way, it made clear how dependent we are on digital systems. Since then, the university has structurally strengthened its approach to cybersecurity, with additional resources, expertise and initiatives. The Security Operations Center (SOC) was established, a team that monitors our digital security on a daily basis. But technology alone isn’t enough.

‘We can do a great deal at ICT, but if our staff think: “That’s something that only concerns ICT”, then we aren’t secure. Cybersecurity is a shared responsibility,’ says Sabine Marichal.

Digital systems support everything we do: education, research, administration and international collaboration. If they fail, or if sensitive data are leaked, the impact is immediate – not only internally, but also on our reputation. Trust isn’t restored with a single software update. 

What are we actually protecting?

UAntwerp manages a vast amount of data:

  • personal data of staff and students
  • sensitive research data
  • financial and administrative data
  • intellectual property
  • collaboration agreements

In addition, our systems, applications and devices (laptops, monitors, servers, Wi-Fi routers, etc.) are crucial for the continuity of education and research.

A laptop left on the train isn’t “just a laptop”. An unintended click on a phishing email isn’t “just one mistake”. An unpatched application isn’t “just a technical delay”.

– Sabine Marichal, ICT Security & Risk Officer

Cybersecurity revolves around four key questions:

  • Do our information and data remain confidential?
  • Are our data complete, accurate and valid, and protected against unauthorised alteration?
  • Do our systems remain available? Can information be accessed and used when needed?
  • Is it clear who performs which actions?

‘Many people spontaneously think of hackers in hoodies when they hear the word cybersecurity,’ says Sabine. ‘But the reality’s far more professional and organised. Nowadays, cybercrime is a business model, involving more money than the drugs trade. And we’re also living in a geopolitically uncertain world, where ideological and political threats are present as well.’

What does the Security Operations Center do?

The Security Operations Center (SOC) is UAntwerp’s internal monitoring team. Three specialised staff members follow up alerts and reports every day, generated by pre-installed security tools, the helpdesk portal and reporting phishing. Their work is primarily defensive: detecting, analysing and follow up on any incidents until they can be closed.

‘You can compare it to Swiss cheese,’ says Sabine. ‘If there is a hole in the security layer, it does not necessarily lead to disaster, provided that there are enough layers. And whatever does threaten to slip through is caught by the SOC. Not every report turns out to be a serious incident. Often it’s harmless, but we investigate every report. We investigate every report, but not every report leads to an incident. Nevertheless, we must always remain alert.’

Where does it often go wrong?

Experience shows that certain issues recur frequently:

1. Postponing updates

Updates often contain security improvements. If you postpone them, you unknowingly leave an opening for attackers. Older software is vulnerable to misuse – and that’s exactly what criminals need.

2. Considering security only at the end

In new projects, the focus is often on functionality. By adding cybersecurity only at the end, you miss the opportunity to automate measures and limit the risks for the university.

3. Inattention

Many incidents start small. One careless click. One screen left unlocked. One attachment opened too quickly.

Mental warning light

Cybersecurity isn’t about distrust, it’s about awareness. You should always have a small mental warning light on when you’re working with data. What information am I using? How sensitive is it? Can I store it here? Can I send it in this way? Is this email genuine?

Taking a moment to reflect on the data you’re working with makes a world of difference.

– Sabine Marichal

The role of supervisors

Supervisors play a key role in this respect. ‘If security is never mentioned, it seems unimportant. Managers need to work up the courage to have this conversation,’ says Sabine. ‘We want a culture where someone says: “Something isn’t right here”, and is appreciated for doing so.’

This means:

  • explicitly including security in projects
  • encouraging staff to ask questions
  • normalising the discussion of risks
  • seeing reports not as criticism, but as responsibility

A shared responsibility

Cybersecurity isn’t something distant or abstract. However robust the firewalls are, however carefully policy documents are drafted… we can only be secure if everyone takes part. It’s an essential part of high-quality education, reliable research and professional collaboration. We need you.

Cybersecurity is often about small habits:

Want to know more?

Be sure to have a look at the Infocenter Cybersecurity on Pintra. There you’ll find our cybersecurity policy, practical guidelines and clear explanations of threats such as phishing and ransomware, so that you can help keep our data and systems secure.

To the posts