October is National Cybersecurity Awareness Month (NCSAM), the 13th annual Department of Homeland Security-led campaign created as a collaborative effort between government and industry leaders to ensure every person has the resources they need to stay safe and secure online. With this in mind, the October issue of American Gas magazine, titled “Inside Out,” discusses the pervasive physical and cyber threats facing natural gas utilities and how companies are tackling a potentially bigger risk: insider threats.
At some companies, the majority of cyber incidents are accidental malware infections caused by employees or contractors. Most attempts to lure unsuspecting employees come in the form of phishing scams, which are fraudulent email messages appearing to come from legitimate businesses, including banks, restaurants and telephone companies. One example of phishing on a global scale is the 2015 Ukrainian cyber-attack on the electric grid, where phishing was one of the methods hackers used to gain access to the distribution grid, causing 225,000 customers to lose power for several hours. For this reason, Colorado Springs Utilities implemented a phishing security initiative in 2015. This mandatory training has decreased the number of employees who click on a phishing email by 74 percent.
The move to digital has also made it easier for these threats to occur. Data that used to exist on paper now resides on a server, which can significantly increase vulnerability to a breach. To prevent unnecessary attacks, it’s important that utilities follow the five-step cybersecurity framework laid out by the National Institute of Standards and Technology:
- Understand what’s important
- Install controls and safeguards
- Monitor and detect anomalies on your network
- Create incident response capabilities
- Build capabilities surrounding resiliency and recovery
Most employees don’t realize they are a potential threat, but each time they turn on their laptop, log onto the network or insert a USB thumb drive into their terminal, they could inadvertently be injecting malware, viruses or ransomware into your company’s network. It is important that utilities employ smart cybersecurity processes to protect their employees and systems. Throughout NCSAM, you can share cybersecurity tips and resources on social media by using the hashtag #CyberAware to promote your efforts and join the conversation.
If you are a utility and have a unique and interesting way you’re improving cybersecurity best practices at your company, let us know in the comments section below or by emailing Jackie Bavaro at firstname.lastname@example.org.