With the widespread implementation of automation and digitization, shielding critical infrastructure from cyberattacks has become a pressing issue.
Recently, a major oil pipeline operated by Colonial in the US was held for ransom by hackers, which hit all pipeline operations and affected power supply.
The opportunities for threats are many, but IoT sensors increasingly connected to networks have become an open flank. Experts warn to expect more attacks in the future.
Sikur, a Brazil-founded cybersecurity firm with operations in the US, Europe, the Middle East and Japan, specializes in systems to enhance IoT defenses.
The company is currently set up in one of the main science and tech parks in Europe and is preparing for an IPO on the Euronext next year, Fabio Fischer, Sikur’s founder and CEO, tells BNamericas in this interview.
Fischer: The cybersecurity challenge today is global and transversal, encompassing many companies, multinationals and countries.
One of the biggest problems we have nowadays, one that has been enhanced by IoT, is in energy, water and sewage, and other utility services, in addition to hospitals and connected cars.
Cyberattacks, like those that have been hitting power plants, have increased exponentially and will continue to do so. These are attacks ranging from DDOS [denial of service interruption] to fishing and ransomware.
The authentication of a user accessing a technological asset, be it an IoT device or a cellphone, is the biggest loophole and the biggest challenge in cybersecurity today.
I’d say that 85% of information leaks come from fishing activity, when the hacker collects authentication data. This reality even forced us to leave Brazil.
Fischer: Because we offered technology for this type of problem six, seven years ago. [Moving out] came as a recommendation from [IT business consultancy and research firm] Gartner, who told us that we were a few years ahead of our time and that Brazil wasn’t ready [for what we offered] yet.
As a self-fulfilled prophecy, the world went to mobile and IoT became a big reality.
We have a product now, Sikur Connect, that can get anyone to access any connectable device in an encrypted form, from end to end.
We install an encrypted agent on an IoT device and randomly and autonomously it opens an encrypted ‘tunnel’.
Our user generates credentials in the cloud, downloads the applications on his system, in a white label model [with the client’s own brand] and in a private cloud, which is a major trend in the market due to the issue of data sovereignty.
Enterprises saw that they couldn’t have their data stored on any server, because if someone steals access to that server their data would be at risk.
That’s why today we’re in France, in a science and tech park that is one of the largest cybersecurity clusters in Europe, with 4,000 companies.
We already have contracts with French companies that are looking at merging our technology to offer it in their products in a decentralized way.
BNamericas: Why did you go to France?
Fischer: For many reasons. We received a strong proposal from the French government to set up our R&D area here at the Sophia Antipolis Science Park. Here we have a particularly important technological cross-selling. Bosch, Boeing… there are a number of companies around.
And we have universities specializing in cybersecurity as partners. In short, the cybersecurity ecosystem is very strong in Europe.
What’s more, everything I spend on R&D I get from 30% up to 120% back in the form of tax credit or cashback.
But even before that we had been invited after a presentation in Lisbon two years ago to participate in the six-month Techshare program by Euronext [the European stock exchange]. This program for us effectively started on January 19 and prepares companies for an IPO.
As part of this process, we incorporated Sikur France as the investment holding vehicle for our ongoing pre-IPO round.
We target listing on the Euronext Paris in the first quarter of 2022. Minimum value per investor was set at US$10,000 and US$3mn maximum.
The fact is that listing in Europe, depending on the listing segment, is very lean and much less bureaucratic and cheaper than Brazil’s B3, for example.
Finally, Europe is “neutral” in a world polarized by China and the US. And this is not something marginal for a cybersecurity company. What’s more, a tech company listed on the Nasdaq, for example, is just another tech company. In Europe, there’s an open field ahead with lots of European money and US investment pouring in.
But I didn’t leave Brazil. We’re all over the world. I have Sikur Brasil, Sikur Portugal, United States, France. As a technology manufacturer, I can produce technology from anywhere.
BNamericas: How is that?
Fischer: We have different cases around Europe, such as one in the French city of Nice for smart cities.
But we’re also closing agreements, for example, in Brazil, with Belo Horizonte tech park, BHTec, with the Technological Institute of Aeronautics [ITA], with the national institute of technology Inatel, with Flextronics, with Intelbras.
Through these agreements, these players will be testing, in our laboratory in France, their devices to serve the automation industries. In a connected way, I can do the tests even if the hardware is in Brazil.
Most of these companies manufacture technology applied to the energy, automation and other industries.
BNamericas: There’s always a human element present in cyber incidents. In that sense, how can we prevent IoT from being a weak point?
Fischer: We need to have a holistic view of cybersecurity risk. One has to worry about the cloud, which is where that information is stored, about the mobile app and about the endpoint.
Often the hacker enters through the endpoint and begins to access the entire chain. A big vulnerability today is that companies assume the datacenter is a safe and secure thing, but forget about and downplay the other links in the infrastructure.
The gateway is a person, a user. We use technology based on these pillars to minimize all exposure to risk access points.
In our model, the user, inside a cloud, generates his keys, and then he downloads the application.
On the first access, he downloads a unique private key, which only exists for him, stored in a secure area protected by his biometrics.
Getting IoT the most secure as possible is of the utmost importance.
In the UK, for example, the federal [sic] government is preventing manufacturers of IoT devices from selling machines and equipment without a factory default password and robust identity manager with an encrypted combination.