Building the invisible safeguards of urban flow

The invisible shields of urban life

KONE’s Chief Information Security Officer, Petteri Rantanen, dives into the shifting landscape of cybersecurity in smart cities and explores how cyber threats intersect with elevators and buildings. He talks about future industry challenges, and shares what it’s like to bring two decades of expertise to this exciting new sector.

Published 20-06-2024
Petteri Rantanen in KONE meeting room, with colleagues discussing in glass wall rooms in the background.
KONE’s Chief Information Security Officer Petteri Rantanen sees cybersecurity as a strategic imperative for future success.

When people think of cybersecurity and elevators, they often imagine the worst-case scenario. Petteri Rantanen, can elevators be hacked?

Within five minutes of hearing the words “elevator” and “smart cities”, everybody asks if this means somebody can just drop the elevator. To be blunt, everything that is connected to digital networks can be hacked. But even if you could hack a digital component, elevators have physical controls that stop them falling like in the movies. And there are of course plenty of digital safeguards – ​​from multiple layers of security controls to network segmentation – to ensure the safety of the elevator in every aspect.

Three people side by side typing on computers in office.
Cybersecurity means protecting devices, networks, and data from digital attacks.

What are the most common cybersecurity threats right now?

Various industries are embracing Internet of Things (IoT) technologies, such as smart cameras and home automation, for improved efficiency and cost savings. These innovations also bring security risks that we're still navigating as societies. For example, IoT and Operational Technology (OT) environments, like devices used in factories, are vulnerable to cyber risks.

We're used to facing thousands of cybersecurity cases every year. Phishing and malware, like viruses and ransomware, continue to be significant threats in every industry. So, we always need to make sure the IT landscape is in good shape.

Our dependency on third-party vendors for software and hardware also introduces supply chain-related threats. In recent years, these threats have increased significantly, and that’s why we expect our partners to meet a certain level of security. We monitor this through contracts and assurance activities.

One of the trends we are seeing is attacks on end user devices like laptops or phones, or data attacks that compromise accounts. It’s about “personal cyber hygiene”, we all need to form good habits to protect ourselves in the digital world.

Two KONE employees looking at tablet in factory.
Protecting Operational Technology (OT) from cybersecurity risks is important because OT devices and systems control critical infrastructure and industrial processes.

You’ve worked over 20 years in security – including key roles at Mastercard Foundation and Nokia. How does your experience in these industries compare to your current role at KONE?

In industries like finance and telecommunications, customers are more aware of what they need, ​​and that drives innovation. I think all companies have understood the importance of protecting personal and customer data, but protecting IoT and OT devices and environments are often not treated with the same understanding. If we’re honest, most residents in a block of flats are not giving much thought to the security of their elevator, they just expect that it is there.

It’s a bit of a dilemma for many companies balancing customer’s current needs with features that take care of future security. Customers dealing with critical infrastructure like metros or airports are getting more tech and cyber savvy, but in my view they could do it even faster. Evolving regulation is also ensuring that many industry sectors get more and more educated on cyber topics. Companies that recognize cybersecurity as a strategic imperative for future success and proactively embrace changing regulation can also better tap into the opportunities.

What drew you to work at KONE?

I think it’s quite unique what KONE is doing from the geographical and public industrial perspectives. For me, it is especially appealing to contribute to cybersecurity around smart cities, people flow, IoT and OT. And of course, KONE has long history and great heritage as a strong Finnish brand.

The sense of values resonates with me – not just the words on paper, but the way people explain things openly and transparently and follow up.

What are the keys to top-notch cybersecurity in a global company such as KONE?

Firstly, there’s the internal focus. At KONE, it means that we make sure that the security of the systems, tools and processes has been built in from the ground up, and we meet the standards and regulations of the industry.

Secondly, there are the products and services – and that’s mainly geared around our Technology and Innovation unit and R&D work. Are there any vulnerabilities? Being able to respond and address these is important for us and for our customers.

The best kind of cybersecurity is invisible and effortless, working in the background so you don't have to worry about it.
Group of smiling KONE employees sitting at their computers in meeting room.
At KONE, cybersecurity is a collective mindset and a crucial part of the company’s digital transformation journey.

Thirdly, we are working to ensure our whole supply chain is resilient, robust and performing as it should to get the end product to the ​​customer.

Lastly, it’s the people – how we communicate, share information and train our people to be proactive. I see people as the upside, and our best line of defense in many ways. A major challenge here is also securing capability and competence. There are 2.5 million vacancies in cybersecurity worldwide. That’s a lot of demand in a young domain and we are looking forward to expanding our expertise and diversity.

In an ever-evolving digital landscape, how do you envision KONE’s role in securing the cities of the future?

Our goal is to be a digital leader in cybersecurity, and a thought leader in the industry. Living and breathing cybersecurity will be a long journey and it’s going to take time. But we are already actively piloting, deploying and monitoring different approaches that could benefit the whole industry.

As an optimist, I do think that with the help of AI and technology we can address some of the basic aspects of cybersecurity really well. We can achieve better threat detection, analytics, automation – all with extreme efficiency and a fast pace.

From my perspective, the best kind of cybersecurity is invisible and effortless, working in the background so you don't have to worry about it. If we can make cybersecurity easy for citizens and integrate it in the flow of their daily lives – then we’re doing it well.

Quick cybersecurity glossary

Phishing: A deceptive attempt to trick an individual into giving sensitive information by pretending to be a trustworthy entity, often via email.
Malware: Malicious computer software designed to damage, disrupt, or gain unauthorized access to computer systems.
Ransomware: A form of malware that locks users out of their files or devices, followed by a payment to restore access.
Iot: Internet of Things – the network of interconnected devices (such as smart home appliances, wearable devices, industrial sensors) that communicate and exchange data over the internet.
Vulnerability: A weakness or flaw in a system, network, or application that could be exploited by attackers.
OT: Operational Technology is the hardware and software used to monitor and control physical devices, processes, and infrastructure in industries like manufacturing and transportation.

We use cookies to optimize site functionality and to give you the best possible experience while browsing our site. If you are fine with this and accept all cookies, just click the 'Accept' button. You can also review our privacy statement.