Successful companies are a target for hackers. If you generate a high turnover and are digitally active, they will find you sooner or later, according to Ronald Prins. He created a furor with cybersecurity company Fox-IT, and now he is helping the fresh produce trade and horticulture, among others, to protect themselves against hacking. Ransomware is a short-term risk, but in the long term, it can cause great damage to individual companies and the sector as a whole.
Ronald Prins (right) with Jurjen Harskamp, co-founder of Hunt & Hackett
Unique knowledge and money
Ronald has noticed that horticulture and plant breeding are particularly interesting to APTs, short for Advanced Persistent Threat Groups, or hackers. "Sectors in which the Netherlands has unique knowledge and earns money are interesting to them. This applies to horticulture and plant breeding, but also to the biotech and maritime sectors, for example," he says.
Awareness of this danger has been growing in recent years. For example, company directors regularly contact Hunt & Hackett because of possible ransomware attacks. "They read in the newspaper what the consequences of such an attack could be. These are at odds with what managers want: to grow and achieve their goals. If your network is down, you can't do anything. These are direct risks you have to deal with as a company."
Digital literacy makes vulnerable
The reason horticulture is a target for this is because of the success of the sector and its high level of digital literacy. "The ransomware attackers don't scan the internet, they read the Financial Times: what are the successful companies where technology plays a big role? Where can we make a big dent?" Moreover, in the fresh produce trade, timing plays a big role, "simply because these are fresh products with a limited shelf life. They find out which company will lose a lot of money if it's down for a week, and which week is the most important. Around Christmas, for example."
Hunt & Hackett sees this type of attack coming mainly from Russia. The aim is simply to make money: only if you pay will you be able to access your system and backups again. "They are well informed. Once they are in your network, they look for the pain points." He says they can see in the accounts how much you can pay, which week's turnover is technically the most important for you, and which backups they can destroy, "but also how they can disrupt internal investigations around an acquisition process. They are serious parties: they communicate at the management level, for example with the CFO, and if you're unlucky, they'll watch his computer for a while: what kind of sites does he visit and which of his girlfriends does he communicate with on WhatsApp? You don't want that published either. All ways to make sure you pay."
Threats to independent food production
Ronald describes a ransomware attack like this as a short-term risk. In the long term, the risks of a poorly secured digital environment are different. Over time, the loss of your intellectual property plays a bigger role, for example through industrial espionage. "They can access your data, your knowledge, and your inventions. Dutch horticultural suppliers have sixty years of horticultural knowledge or cultivation data on their computers, and they invest heavily in R&D. It is knowledge about the crops which is the subject, plus everything that the horticulturalists did not yet know. You don't want to lose that and you don't want your competitor to get hold of it either. You don't notice it immediately, but it undermines your business model."
When it comes to industrial espionage, Hunt & Hackett sees a lot of activity in China. "China has declared a strategy of becoming independent in terms of food production. A lot of it is still imported, and they want to do that differently. It's not so much about the costs, but mainly about independence in their own food production - they want to have that knowledge."
Investors, in particular, are busy securing their intellectual property and knowledge, Ronald observes. "That's not surprising: they put millions into a company and want it to pay off. Corporate espionage can be a threat to this because it is your capital in the long run."
At the same time, he sees that the industry is still largely blind to it - something our academia also plays a part in. "It sometimes amazes me how cooperation takes place within universities. Wageningen has a very important role in this world. Thanks to the good cooperation with the University, we can move forward as a sector within this field. At the same time, in the Autonomous Greenhouse Challenge, they also work together with parties like Tencent, one of the largest companies in China."
This competition is all about developing an autonomous greenhouse, which is obviously in high demand internationally, as it may provide a pathway to self-directed greenhouse projects. The competition also attracts a lot of young talent and many start-ups are presenting how their solution can contribute to this. "For a chance at €50,000 in prize money, they present beautiful powerpoints and pitches, including sensitive information that is normally only shared with potential investors. In the short term, that €50,000 may seem like a lot of money, but in the long run, sharing your vital information may cost more."
Plenty of threats, but what to do about them? Your awareness is the first step, but that is not enough when it comes to digital security. "Knowing that you shouldn't click on phishing links is awareness, but if you convince 99% of your staff of that, you might be pretty successful and they will still get in," outlines Ronald. He also sees that many standard software packages are aging rapidly. "Hackers develop every day. It remains a game of cat-and-mouse, and a standard measure is no solution." So, detect if any abnormal behavior is happening in your systems.
"As long as you don't check and follow up, they will succeed one day, because hackers have infinite time and the capacity. Once they're in, it's easy, but even then they're not done yet. They take time to investigate you. That takes three weeks. If we pick them up somewhere in those three weeks, we can help the customer."
They do that by looking behind the front door: security monitoring and anomaly analysis. "We investigate anomalous behavior: connections from your network to places that never occurred before. A laptop that suddenly connects to your R&D department. Then, hopefully, you know at an early stage that they are trying to break in or are inside."
On your guard
These kinds of protocols and actions may help against ransomware and digital espionage, but obviously not against voluntarily opening doors. "That is also difficult. Being commercially driven you want to cooperate. There are many customers and a lot of potential abroad. If you have large projects there, you also have to bring knowledge to them. Moreover, the Netherlands owes its good position to its cooperation and investments, but take a critical look: what technology do we get from other countries in the field of horticulture? Autonomous Intelligence is not an export product for China. For us, it is. In the short term, I understand the desire, but consider what it means for your long-term value creation."
In addition to making companies aware of this, Ronald also looks to the government for the entire digital security package. "It is a great pity that the Netherlands is very proud of the horticultural sector on the one hand, while at the same time hardly doing anything to protect it properly. The countries around us are erecting a digital wall around their crown jewels. The French intelligence service, for example, helps guard everything that is secret from being stolen. We can help protect companies, and at the same time, it is also society's responsibility to give the AIVD (General Intelligence and Security Service in the Netherlands) the mandate to pay attention to this."
A government can raise the threshold for hackers to target Dutch companies. After the attack on the American company Colonial Pipeline Attack, active in the American fuel supply, Biden entered into talks with Putin to protect vital American organizations. "In short, Biden has shown that he can get back at the hackers and destroy their installations if they attack vital organizations. For the hackers, the risks and costs go up and they focus on other targets, such as Europe."
He compares it to tackling the burglars' guild. "Of course you have to put locks on your house, but if burglars themselves are not dealt with, the problem will persist." The AIVD is already partly active in this, of course, and the 'sleepwet' also plays a big role in it. "As a private company, we can't and shouldn't do that; the government always has more options. Only the government can see at that level what is happening on the internet and can spot attacks sooner. Compare it to the radar systems that detect non-stop whether missiles are coming to Europe, only this is a digital form of terrorism."
For more information:
Hunt & Hackett
24/7 incident response number:
+ 31 (0)70 222 0000