Users unfamiliar with cybersecurity and its threats increase the risk of cyberattacks
The cyberspace is clogged with lurking threats created by hackers who want to exploit Internet users. And with remote work becoming the new normal, cyber felons have itchy fingers and are increasingly discovering more vulnerabilities.
The cyber world can be dangerous for not only individuals but organizations as well, with some of the most common threats being ransomware attacks. The consequences vary from stolen sensitive data or huge financial loss to ruined brand reputation.
Companies should be aware of such threats and widely implement cybersecurity measures, such as secure remote access and industrial security solutions.
For this reason, we had a discussion with Siegfried Mueller, the Owner and CEO of MB connect line, a company that offers Secure Remote Access, Industrial IoT, and Industrial Security services. Mueller shared his views on cybersecurity and the measures industries should take to secure their businesses.
Tell us more about your story. What inspired you to create MB connect line?
Technology has always fascinated me. I got my first computer at the age of 10 and learned BASIC (Beginner’s All-purpose Symbolic Instruction Code). After my training as an industrial electronics technician, I gained experience in mechanical engineering and automation technology. In the 90’s, remote maintenance was not yet widespread and therefore, I had developed my own system which I also used for remote programming of machines. Marketing the self-used system and making it accessible to others was the beginning of MB connect line in 1997.
Can you tell us about what you do? What issues do your solutions help solve?
We started our business by providing devices to remote diagnostics and programming control systems like PLC, HMI, etc. It was mainly modems with the capabilities to deal with industrial communication protocols. Now, we have developed an ecosystem, mbCONNECT24, for industrial remote access. That means we are offering several secure industrial routers like mbNET or mbNET.rokey to interconnect with our cloud service and users. With our technology, every service technician is able to remotely access his machine to immediately help his customer and get the machine up and running again.
You mention that IT security requires a more cooperative approach when it comes to industrial products and solutions. Would you like to share more about this approach?
First, we need to understand two domains – one is IT (Information Technology) and the other is OT (Operation Technology). People from OT are using different tools of hardware and software than IT people. It is obvious that IT security is already present and familiar to IT people and their environment, and if we try to push the IT-Security tools to OT people now, it will not work. One part of the solution is that we need to provide them a UI (User Interface) which is more OT related.
The other part is that we need to bring both domains together so that each of them understands their daily work and challenges. Because if we look into the priorities of each domain, we see that IT is focusing on confidentiality with emphasis on integrity and availability, and OT is focusing on availability with emphasis on integrity and confidentiality.
How do you think the pandemic affected the IoT landscape? Did you notice any new threats emerge?
One main change was that service technicians were not able to travel anymore. So they had to find a solution to remotely serve machines and plans. One solution was clearly the remote access which we recognized very well. And it also pushed the digital path and made people start their IoT projects. They wanted dashboards with machine data remotely available and everywhere. But the OT infrastructure consists of many legacy systems. With this IoT approach, the legacy systems will be connected to the Internet or at least interconnected to somewhere where it was not originally built for. And you can imagine what would happen if it was made without IT security measures.
In your opinion, which types of organizations should be especially concerned about securing their network?
Well, I can mostly speak about the OT environment. I believe that we need to focus on critical infrastructure first because a threat here will have the most impact on all of us. The challenge now is understanding what “critical infrastructure” is and how it is affected by the industry. In my opinion, this can even be a food and beverage industry as they are supplying us. Imagine a hacker changing a recipe of a production machine which may then produce bread with intolerable ingredients. This industry immediately moves to being “critical”, right?
What are the main changes you have witnessed throughout the years in the industrial security field?
People are becoming more interested in security sets and measures which is good! More people are starting to understand security risks and have concerns regarding them. In our environment, we have two kinds of groups. One is the machine builder and the other is the end user who is operating the machine. The main security concern started with the end user site years ago, and now they were able to raise their machine supplier’s attention to this topic. Interestingly, it was the end user who was pushing the manufacturer to provide a more secure solution.
What cyber threats do you think we are going to see more of in the next few years?
Definitely Ransomware and DoS. The risk of ransomware comes automatically along with the huge increase in digitization. Whether you want to or not, everybody is connected. Some people didn’t use computers much in the past, but due to the switch to remote work and other factors, a lot of individuals have to use them daily. New users who are not very familiar with cybersecurity and its threats can increase the risk as they are more likely to fall victim to cyberattacks. They are more vulnerable to ransomware, phishing, and other cyberattacks.
The reality is that DoS attacks on IoT devices will continue to grow. As I mentioned, everything is becoming more and more connected, but most users and companies in various industries don’t want to install and adapt new equipment. They will just add “Internet” to their legacy systems, even though they were not originally developed for being connected to the untrustworthy cyber world.
In the age of remote work and online learning, what would you consider the essential security measures everyone should implement?
One of the essential measures for anyone is security awareness training. Everybody needs to understand the potential risks and how to minimize or prevent them.
Meanwhile, in practice, using strong passwords, two-factor authentication where possible, and updating your software are also crucial measures to take in order to ensure security.
And finally, would you like to share what’s next for MB connect line?
We will focus on our ecosystem to provide secure connectivity to the OT environment and extend it with monitoring and anomaly detection. We want to help to make the OT environment more secure.