Don't your machines communicate with your information system?

The holy grail of the connected factory often runs up against a chilling statistic: 75% of industrial cyberattacks start with a simple breach in the office network (IT). This is not just a problem for giants: in 2024, 37% of ransomware victims were SMEs.

The Jaguar Land Rover wake-up call

On August 31, 2025, the manufacturer experienced the worst-case scenario. A flaw at a logistics supplier allowed attackers to infiltrate the very heart of the factories.

The intrusion : Attackers compromised a logistics supplier through social engineering.
The flaw : They exploited a SAP NetWeaver vulnerability to get in.
The paralysis : Because there was no segmentation, they reached the PLCs and SCADA, stopping factories dead in the United Kingdom, Slovakia, Brazil, and India.
The cost: Between £5 and £10 million in losses per day, sales down 25%, and subcontractors pushed into bankruptcy. In total, more than £2 billion.
Result: Total shutdown of global production the next day.

And the painful detail: JLR had not finalized its cyber insurance policy. The whole bill was on them.

The mechanism is always the same: the attack enters through the office, spreads because of a lack of segmentation, and ends up paralyzing the PLCs. If your PLC is on a "flat" network, you are the next target.

Five concrete actions to connect your machines without opening the door

We are not going to scrap machines that work. The challenge is to build a secure bridge between two technological eras.

Map before connecting : You cannot protect what you do not know. Identify the equipment and the "rogue connections" quietly put in place years ago.
The smart intermediary : Never connect a PLC directly to the IT network. Use an Edge device or a gateway that encapsulates the data. If the intermediary is compromised, the machine remains unharmed.
Zero Trust segmentation : Forget the simple VLAN. Zero Trust requires that every flow be authenticated. Break the factory into micro-perimeters: if one segment falls, the others hold.
Unidirectional flow for critical systems : For your most sensitive PLCs, data must flow out to analysis, but no command must be able to come in. That is the difference between observing a machine and handing its keys to the first person who comes along.
Encapsulate the "Legacy" : Your old protocols (Modbus IP, BACnet IP) are not the problem; their insecurity on the network is. We transport them in an encrypted tunnel without touching the original configuration.

Why Protocol Encapsulation Changes the Game in Industrial Environments

Kaptngo was designed in the field. The principle: we add a node at each end, and each machine has its own Zero Trust tunnel. Distributed architecture, no centralized VPN and no network overhaul. Your Siemens PLC from the 2000s communicates with the Cloud as if they spoke the same language, without rewiring and without stopping production.

We never deploy the tool on its own: every implementation is based on an analysis of your context, because a well-encrypted tunnel in a poorly designed architecture protects nothing.

More than a technical challenge, a regulatory and human one

The timeline is speeding up. NIS2 is coming with its risk management obligations and sanctions, followed by the Cyber Resilience Act in September 2026.

Yet the real challenge is not technical. It is getting IT (patch first) and maintenance (continuity first) to work together. As long as these two worlds do not speak the same language, the best solutions will remain projects that gather dust.

So, are your machines finally talking to your IT, or are they still going their own way?