Cyber-Retroffiting or Retrofitting overall is huge in 2022, especially after the COVID pandemic hit so many businesses. But there are hidden consequences that the far majority of small, mid-sized, and large businesses don’t know about.
Imagine this scenario: there’s a CEO that invested a large sum of money into digital equipment for the company, but years passed by and some of these are getting behind.
Some equipment has broken down, while others are simply not up to par with what is needed on the market right now. So, the CEO invests a bit more to upgrade some parts of that same equipment, but it was later when a breach is found thanks to that new integration.
Does this sound familiar or exactly like you? Is that something you want to avoid?
Then, keep reading.
What is Cyber-Retrofitting?
According to the Merriam-Webster site, Retrofitting is “to furnish (something, such as a computer, airplane, or building) with new or modified parts or equipment not available or considered necessary at the time of manufacture” or to “install (new or modified parts or equipment) in something previously manufactured or constructed.”
In a few words, to adapt/modify to a new purpose or need.
Now, Cyber-retrofitting is exactly that. To install new or modified parts to already-working equipment. And because computers aren’t as old as most industrial gadgets, it’s just by now, with the notorious usage increase of the Industrial Internet of Things (IIoT) that this term is being said, read, or heard.
The first major story that put cyber-retrofitting to the spotlight, it was that one in 1982 about a Trojan horse attack on a Siberian gas company’s system software that cause a huge explosion on a pipeline.
Well, there are two possible scenarios that this could have happened:
- All of its technological infrastructures was old and vulnerable,
- The newer replacements were badly installed/managed or launched into the market with unaddressed vulnerabilities.
Very few companies have the budget to build new facilities from scratch, so whenever news is heard about a company that got attacked, it’s very likely a case of cyber-retrofitting was badly executed.
According to Gartner (research agency), “more than 20% of Enterprise security attacks involve IoT connections.”
There’s a lot of information that confirms it was due to improperly secured MCCs and PLCs that bad actors gained network access, especially if not many know how to protect these.
Yes, IT experts can truly level up your process (doesn’t matter the industry your company works in) by taking full advantage of IoT gadgets. But this is only when substantial security systems are in place. This applies to legacy systems, and newer ones as well.
The Siberian pipeline attack is just one of many devastating examples of bad cyber-retrofitting. Now, what are good examples?
How Is Cyber-Retrofitting Done Correctly?
A great example of a recent cyber-retrofit put in action, was the introduction of upgrade solutions for legacy FANUC America machines that used Windows 7, XP, or older, which are no longer supported, which could therefore lead to q major cybersecurity breach.
They replaced old machines for other industrial with solid-state drives, Windows 10 IoT Enterprise, and both touch and non-touch LCD displays. This was possible thanks to the Panel i Replacement/Retrofitting Program
But this is a large organization with a large budget, right?
Well, you can also benefit from this methodology at a much lower price.
And if you’re still wondering if cyber-retrofitting is ideal for your business, despite having the budiget, the consider this:
- It will greatly stop unauthorized access and/or use of your company’s legacy systems.
- It will transform legacy components into completely new systems.
- It will enable new usage of previously discontinued/disconnected equipment.
Did you give it a thought?
If so, take into consideration that MyITGuy’s architecture-based Cyber-Retrofit Process is here to assess your current systems and rapidly provide a reliable, concrete, and actionable roadmapss to adress wathever cybersecurity concerns you and/or your team have right now.