UTILITY WEEK | DECEMBER 2022 |
21
Technology
rell, explains that previous high-pro le data
breaches o en show that a lot of the issues
"stem from the basics: weak passwords,
unpatched systems, insecure test or devel-
opment environments, users with excessive
rights, insu cient network segregation,
limited knowledge of assets… even down to
a poor joiners, movers and leavers process".
"Most are known about and even
accepted risks, but xing them would take
time or cause hassle for users by making
their task a little more complex or time con-
suming," he adds.
Another utility executive explains it can
be "enormously helpful" when organisations
are candid and share when things have gone
wrong. "We obviously need to have a safe
place where that happens. Then I think you
have to assume that one day it will happen to
you. Spending some time and eƒ ort on that
has to be worthwhile," they say.
As well as collaboration between organi-
sations, it is crucial that cyber-security is
considered as everyone's responsibility
within a business – not just at board level or
delegated to the IT team.
"Technology is only one control. If you
have 1,500 staƒ like Utilita, why not have
1,500 people in the company security team?"
says Farrell. "We achieve this through
monthly blogs, internal magazine articles,
guest slots in team meetings, security lunch
and learn sessions, and the education of
users who trigger small risky behaviour
alerts. All of this is on top of the traditional
corporate security training and phishing
exercises."
Cisco's Jackson agrees, noting that "our
users [colleagues] are the strongest part of
our arsenal". "It might sound like a cliché,
but trained and educated cyber-citizens are
incredibly valuable. You shouldn't expect
them to be cyber-security experts, but you
should expect a baseline level of under-
standing in the same way you would for
health and safety principles."
Nadine Buddoo, intelligence editor
In association with
I N S I G H T R E P O R T
A threat without borders:
understanding the cyber
risks facing utilities
In this report
How is the cyber security landscape evolving?
Do current cyber strategies go far enough?
What role should regulation play?
What lessons should utilities be learning?
V I E W P O I N T
Cisco
Download the report
Download the report https://utilityweek.co.uk/
a-threat-without-borders-understanding-the-
cyber-risk-facing-utilities/
in association with