Industry 4.0 faces growing challenges in protecting itself. Ensuring only the physical safety of a factory is no longer enough. Security incidents that cause shutdowns in manufacturing processes, the loss or leakage of information, or breaches of regulatory and legal requirements, which are increasingly complex where information security is concerned, led to the founding in 2017 of InprOTech, formerly called Inprosec Auto. In its short life it has already been selected by INCIBE (National Cybersecurity Institute) as one of the top 10 cybersecurity projects in Spain.
Statistics say that 50% of Galician companies have suffered a cyber attack in the last year, both in their office environment and in the factory. This percentage may be even higher, since in the factory it is often overlooked that a malfunction may have been caused by a cyber attack. With the hacking tools that exist today, “even 14-year-old kids can paralyze entire cities in the United States, or compromise water purification plants. We are already talking about altering public health. With YouTube tutorials you can carry out a hack. It is not necessary to be an expert, just to have the bad luck of being chosen as the target”, explains Alejandro Alonso, chief of operations of InprOTech.
The company originated in 2017, when it applied to an accelerator, BFAuto (Business Factory Auto), promoted by the Galician Innovation Agency (GAIN). Its founders identified needs in the automotive sector: there were many attacks on its systems, and they decided to set up a dedicated division. They took a further step when they learned that the automation systems used to make cars are the same as those used to process wood, make tins for canned food …, and so they set out to target the whole of Industry 4.0.
Its portfolio of services is divided into three areas. The first is the strategic security of customers, according to European and American cybersecurity regulations. The second area concerns technical security. Here they perform intrusion tests: on the one hand they attack the client's systems with no prior knowledge of them, trying to obtain administrator permissions over the entire system; this is known as a black box attack. They also carry out white box attacks, in which they are given the permissions of a rank-and-file employee of the company and try from there to obtain complete control. “This is one of the most frequent attacks our clients suffer. Insider attacks: disgruntled employees, those who are going to be fired, or others who are careless and introduce infected USBs into the factory.” The third area is training and awareness. On the one hand, it is aimed at making managers aware of the importance that cybersecurity has for their company. In a second phase they try to teach good practices to employees.
InprOTech, in collaboration with Gradiant and Checkpoint, is introducing a new product called Inprotech Guardian. It is a device that can be connected to the devices of the factory and, without being intrusive, listens to what happens on the network (types of communications between machines, network protocols …). It also performs a vulnerability analysis. “The product covers needs that we have identified among customers; there are certain security gaps between what companies think and what there really is. They offer active protection, not just an interface to view alerts, which is a plus. We accompany them in the analysis of alerts and vulnerabilities of their systems, as well as in protection against cyber attacks. We are one of the few that offer a parallel service.” The product is under development, with pilots running in companies, and different modules and artificial intelligence will be developed from this version. With this innovation, InprOTech expects its turnover to grow 50% immediately and 100% in the coming years.
Cyber attacks with ‘ransoms’ of up to 200,000 euros
According to Alejandro Alonso, the most common cyber attacks suffered by Galician companies are ransomware attacks, in which the attackers hijack all the devices in a factory and demand a ransom to recover them. Reaction time is crucial there. That is why they want a system that analyzes network traffic in real time. “If you react within two weeks of a ransomware attack, when it goes viral, it’s too late; isolating that equipment prevents it from spreading throughout the manufacturing chain.”
These cases are increasingly common in Galicia, so the director of operations of InprOTech believes that the mindset in Galician companies has to change. “We cannot ask for protection after suffering a cyber attack and having losses.” Just as there is already a lot of awareness of occupational hazard prevention, physical security and perimeter security, and security services are hired for these aspects, he believes that companies must learn to invest in the most important kind of security, that of the means of production. “You hire a person to watch the factory, but you don’t see the need to protect the true value of your company, which is in your business process. We are working on that awareness and on teaching how easy it is to stop your business, and the return that you get, because just by stopping one cyberattack it would already be amortized.”
There is a long-standing belief that your factory is protected because you have nothing connected. Due to market and technology requirements, factories have had to connect. While systems in the office IT environment kept advancing, with antivirus…, factories run obsolete systems such as Windows XP and have had to access the Internet directly. They were not prepared to withstand the attacks that the offices were prepared for. Merely having the systems on a private network is enough for attackers to be able to stop your manufacturing. A hospital, trains, a smart city can all be paralyzed by attacks. Alejandro Alonso gave the example of a Galician company that turned to InprOTech's services. “It was a company in the automotive sector where the system was hijacked. They were asking for 70,000 euros. When this happens, they call us, but there you can do little, unless you have backup copies. They had to pay the costs of a five-day plant shutdown, plus the costs of recovering the systems”. In other cases of this type of blackmail that he knows of, the hackers' demand to the company was around 200,000 euros.
The client is the one who decides whether to notify the police in these cases, but “they do not have the capacity to solve the problem. Our function is to act as cops, and also help them psychologically to overcome that blow,” says the chief of operations of InprOTech, who says that they always recommend not paying, just as the police do in a kidnapping. Making the payment does not guarantee that the attackers will give you the key to decrypt your system. In addition, these payments are made in cryptocurrencies, and it can happen that a ransom that is 60,000 euros one day costs 70,000 two days later.
The problem does not end there. If you give in to blackmail and make the payment, you may end up on a blacklist and become the target of what is known as an APT (persistent attack over time), that is, receive a much more personalized attack. If someone takes the time to analyze emails and company processes, among other things, they can mount a more targeted attack and demand much more money, because “they know that these people are willing to pay”. Companies now work from mobile phones and tablets, manage electronic invoices … there is more and more monitoring and there are no paper files as there were before. For all these reasons, InprOTech warns that “80% of the value of a company is its means of production and not to protect it is to play with fire”.