Cybersecurity, a problem with capital letters
On the occasion of World Internet Day, celebrated on May 17, the CEO of ZIUR, Koldo Peciña, reflects on cybersecurity and computer attacks.
The war in Ukraine and the "Pegasus" scandal involving espionage against various political leaders have placed everything related to cybersecurity in the public debate in recent weeks. All this, without losing sight of all the "cybercrimes" that day after day lurk behind the screen of our computer, tablet or mobile phone.
The celebration of World Internet Day, on May 17, once again highlights the opportunities and risks of a connected world of which we are a part and that affects us as citizens, as companies and as organizations of all kinds.
Precisely, at ZIUR Fundazioa, Gipuzkoa's Advanced Center for Industrial Cybersecurity, we work to strengthen and develop the cybersecurity capabilities of industrial companies in our territory, both when it comes to defending themselves against possible attacks and developing cybersecure products and services.
Therefore, our vision aims to underline the importance of cybersecurity in the competitiveness and development of the industrial fabric of Gipuzkoa, beyond the fact that one company or another may be the object of a computer attack. In fact, the latest studies on the main concerns of CEOs and business managers in the world, reveal that cybersecurity is the aspect that arouses the greatest concern.
The application of the most advanced cybersecurity techniques is presumed to be essential for the viability and future of companies, becoming a fundamental axis within their activity, regardless of their size or market. The path is defined.
In this context, we are developing a project to learn about the state of the art of cyberthreats, in the Gipuzkoan industrial field. Its objective is specifically focused on mitigating the increasingly frequent cyberattacks suffered by industrial companies. Due to the constant extensions of functions, automation of processes and introduction to the new paradigm of Industry 4.0, industrial computer networks are becoming increasingly important in all sectors.
Generally, industrial companies attach great importance to the impenetrability of their networks. However, once the attacker has managed to penetrate the internal network without being detected, he can generally act without any control, causing great damage in the form of data deletion, theft of information and industrial secrets or complete destruction of the network.
The project that ZIUR is developing is to find out if companies in the industrial sector of Gipuzkoa are targets of targeted attacks or not and, at the same time, lay the foundations for detecting these attackers, knowing their 'modus operandi' and anticipating their actions by tending to them. cheating or providing false information. To do this, within the framework of our work to promote the cybersecurity ecosystem in Gipuzkoa, we are using a 'Deception' technology developed by the Gipuzkoan company CounterCraft.
In this project we use decoys that realistically represent the technological assets of the different companies participating in the project. The lures extensively cover different types of assets that companies have and are credible in the short and long term both to detect and subsequently monitor the attacker.
In a first preview of results after eight months of study, none of the ten Gipuzkoan industrial companies that have participated in the project has been the target of a targeted attack. However, its simulated replicas created for this project have received numerous indiscriminate massive attacks. These attacks have targeted both the IT environment and the OT environment of the different companies and the Attempt to exploit vulnerabilities with a critical impact has been detected, which highlights the need to implement active cybersecurity policies. An aspect in which all companies have their future at stake.