Utility Week

Utility Week 28th February 2020

Utility Week - authoritative, impartial and essential reading for senior people within utilities, regulators and government

Issue link: https://fhpublishing.uberflip.com/i/1214913


UTILITY WEEK | 28TH FEBRUARY - 5TH MARCH 2020 | 25

Operations & Assets

as examining the management approach and ensuring policies and operating procedures are fit for purpose," Mosca says.

In short, you can spend millions of pounds shoring up your systems but if the receptionist plugs in a random memory stick and accidentally downloads a devastating piece of malware, it was all for nothing.

Rachel Wilcox, freelance journalist

Case study: United Utilities

Jon Wyatt, chief security officer of the UK's largest listed water company, on its use of ethical hackers

"We've been using ethical hackers for about ten years. Before any new solution or IT system goes live, we bring in ethical hackers to test it, tell us if they find holes in it and what we need to do to fix it. It's a really effective way of ensuring we build systems securely.

"We use red teaming too, where we'll ask them to gain access to an operational site. We've not had anyone call the police yet, but staff do challenge them. It's about building up the culture of challenging people. It lets us see where the holes are in our security; you don't necessarily see it when you're doing it every day.

"Our board is very enlightened and they see the benefits of this approach. I can't say how much we spend altogether but penetration testers earn about £1,000 a day and a small system might take two or three days to test. They always find something. When you're thinking like a defender, you build in different controls to an attacker. They have different mindsets.

"GDPR and the NIS regulations have reinforced a lot of the processes we already had in place. Now we have some governance to show a structure that we adhere to. It becomes a different pitch to the board and makes it easier to justify what we're doing and justify the expense. But try not to let the cost of ethical hacking put you off. It does have value."

"Criminals are scanning the internet to create a list of vulnerable systems that they will revisit once a proof of concept hack has been published."
Daniel Smith, security researcher, Radware
