date 2024-06-21

The layered protections safeguarding an organization’s critical assets can be broken down into five categories:

1. Perimeter protections

2. Network protections

3. Endpoint protections

4. Application protections

5. Data protections

An immense amount of thought and intricacy goes into each of these layers, and organizations should ensure they are putting ample consideration into bolstering defenses and mitigating risk in each category.

The goal is to prevent an attack from happening, but if malicious activity does sneak through a utility’s defenses, layered protections and network segmentation help to ensure any impact is limited to the smallest element possible. As the core of any cybersecurity program, strong technology is a necessary investment.

The Human Aspect

Humans are, and perhaps always will be, the easiest attack vector for cybercriminals. In fact, human error is the main cause of 95% of security breaches. But there is hope for the future: although employees have often seen cybersecurity as a hindrance to their job productivity, that mindset is shifting as cyberattacks become the subject of more headlines. With increased efforts to combat cyber threats, a wider spectrum of employees has developed a greater understanding of the fundamentals of cybersecurity. While some would have been more likely to resist such efforts five years ago, more employees now recognize they play a role in the success of their company’s cybersecurity program.

Organizations need to foster cultures where cybersecurity is at the forefront of daily operations. That means cultivating employee cyber knowledge and then testing that knowledge with drills. Beneficial strategies include cybersecurity awareness training, simulated phishes, and additional training and resources for high-risk employees.

For example, Unitil has implemented a rigorous training program that regularly tests the ability of its employees to spot potential cybercrimes like phishing. Phishing has become one of the most popular forms of attack and typically involves employees receiving emails or text messages with malware embedded in the message. Employees can be tricked into sharing credentials that could allow a hacker to invade the utility’s system. Therefore, as part of its monthly exercises, the utility uses mock phishing attempts to try to catch an unsuspecting employee off guard, with the overall goal of ensuring employees know what to look for to prevent an attack.

For high-risk employees, it is important to focus on education rather than punishment. Sometimes, however, intervention and restricted access are needed to alleviate risk.

Additionally, a strong cybersecurity culture needs executive buy-in from the top down to solidify security as core to the business and encourage participation in preventing and reporting attacks.

Monitoring And Response

Cybercriminals do not sleep, so it is critical that businesses be able to monitor their systems 24/7 to identify vulnerabilities, emerging attack vectors and areas for improvement.

Security operations centers (SOCs) can provide constant threat monitoring for organizations. Whether external or in-house, SOCs ingest everything from firewall data to endpoint data, combining advanced analytics and threat intelligence for immediate identification of suspicious activity along with the ability to take immediate actions. If the SOC sees malicious activity that has snuck through layers of defenses and started to proliferate, it can react and isolate the threat. SOCs also can craft vulnerability assessments and risk scores that provide organizations with situational awareness regarding their threat landscape.

If all else fails, utilities should be prepared to respond and isolate any damage to restore systems in an expeditious and organized fashion. Unitil has a Cyber Incident Response Plan it reviews and runs drills on every year with the help of external assistance, its cyber insurance vendor, and other internal stakeholders to ensure readiness. It is important to have additional resources available that could be called on to expand the response in the event of a cyber incident. The utility has even participated in drills with the National Guard and other utilities, which have additional trained cyber experts that can assist if needed.