What if your organisation is infiltrated by cybercriminals? This is a question every company should ask itself, according to Patrick Hakvoort, Infrastructure Manager at Anthura. Hackers check what data they can use for themselves or how to take money from a company. Anthura has experienced it: just under two years ago, its Chinese production location was digitally attacked. Hakvoort: “Everyone is at risk of being hacked, so be aware of what to do if that actually happens.” .” Cyberweerbaarheidscentrum Greenport (Cyber Resilience Centre Greenport ) has interviewed Patrick about this.
In April 2021, Anthura’s Chinese production location was found to be hacked. With the help of a specialized Incident Response organization, Anthura was still able to resume production based on existing backups. In total, several servers were down for two weeks and lost about 5 to 10 percent of all its data.
Above all, the incident was a warning to Anthura: hackers are always lurking. Digital security was taken even more seriously from then on. “That’s when our eyes really opened,” says Patrick Hakvoort, responsible for infrastructure at Anthura since mid-2021. “We decided to be open about what happened to us because we want other companies in the chain to be aware of the dangers as well.”
Patrick Hakvoort
Patrick, how could the hack in China happen?
“Hackers gained access through an old climate computer still running an old version of Windows and of Teamviewer. They first examined how and when they could best attack us. Then, on one computer, the hack message appeared. Fortunately, an attentive employee did the only right thing: he did not click on anything, he pulled out the network cable, but left the power cable in place. Because if you cut the power off, then afterwards you have no forensic evidence with which to investigate the hack.”
So there was some time between the hack and the message?
“In general there are several months in between. Hackers are well-organized companies. One department hacks, the next department investigates, and the third carries out the message. They have customer service, a front desk. Often they are Russian companies: they want disruption, that is, to take down a company and then demand money. Chinese hackers work differently: they are mainly looking for data for their own use. They don’t ask for a ransom, but keep quiet so they can acquire data for as long as possible.”
What steps has Anthura taken since then?
“Anthura has a lot of digital contact with other companies. Therein lies much of the vulnerability. This allows suppliers to get into our systems for providing support. Previously, that was done via the Internet and Teamviewer, but we have since switched to VPN (an encrypted connection). I want to stop using that too: I want us to have even more control over who gets into our systems, for how long, and with what rights.”
Do your customers and suppliers understand these steps?
“Sometimes it’s difficult. They consider it a limitation. That is why we carefully explain why we are taking these steps and, above all, what they will gain. If we work more securely digitally, it will also benefit them and their customers. That’s why we tell the story about the hack in China to the outside world: we feel responsible for the entire horticultural cluster.”
Does everyone within Anthura know what to do in the event of a hack?
“We started training our employees last year. They are given short training courses. Thanks to artificial intelligence, those training courses are adapted to everyone’s level. They learn what to do in case of a hack, how to recognize phishing, and also how to report it in an easy way. That not only benefits them at work, but also privately.”
So Anthura won’t be hacked now?
“I always keep in mind that Anthura’s network can be compromised. Aren’t we able to control that? Of course, Anthura makes every effort to keep unwanted intruders out. In addition to prevention, we make sure to minimize the potential damage caused by a hack, among other things by making back ups.”
What would you advise other companies to do?
“Start by asking yourself: what is our core business, so what do we need to protect? For example, our R&D department is one of the core activities, because that is where we develop new varieties, so that department enjoys the highest level of security. Also, be wary of climate computers. People often say: let it run, because it has been performing well for decades. Those are often outdated IT systems, thus danger lurks there. Be open with your supply chain partners, because digital security is something we do together.”
Cybercafe on 30 March
Anthura and the Cyber Resilience Centre Greenport are organising a Cybercafé on 30 March on the subject of incident response, in other words ‘What you should do if your company is hacked?’. This Cybercafé, will be organised for customers and relations of both companies.
