Table of Contents Table of Contents
Previous Page  12 / 24 Next Page
Information
Show Menu
Previous Page 12 / 24 Next Page
Page Background

WORLD-GENERATION NOVEMBER/DECEMBER 2016

12

With global cyberthreats that

continue to increase in frequency and

scale, the need for cybersecurity and

resiliency is one of the most serious

issues facing energy and utilities

organizations and their boards of

directors today. Protecting confidential

customer information and corporate

assets is critical to building a trusting

relationship with customers, upholding a

company’s brand, and for the energy &

utilities industry in particular, protecting

national security.

SECURINGTHE SMART GRID MUST GO

BEYOND BRAND REPUTATIONTO ISSUES

OF PUBLIC SAFETY

As grid modernization projects are

adopted, the importance of incorporating

a strong cybersecurity program from the

inception cannot be overstated. The

energy and utilities sector handles vast

amounts of proprietary customer data

such as bank account details and credit

card numbers. This data, when combined

with the critical mandate to protect

national infrastructure from external

threats, underscores the imperative for

organizations to double down on security

measures.

Vulnerability to cyberthreats grows

as an increase in systems results in more

potential entry routes to customer data.

This is especially true as energy and

utilities companies roll out web-based

solutions such as online billing and

Internet of Things (IoT) devices like

smart meters to deliver efficiencies and

enhance the customer experience.

Therefore, managing risk while

disrupting traditional business models

must go hand in hand.

Organizations must understand the

security risks and implement plans and

systems to safeguard all devices, sensors

and things connected to their networks.

The goal is to help maintain a safe

environment for customer information

while also helping protect public safety.

So, what are some of the big

cybersecurity issues keeping CIOs and

CSOs up at night? In this article, I’ll share

a snapshot of the cybersecurity landscape

within the backdrop of Verizon’s annual

Data Breach Investigations Report, and

will also explain what this means for

businesses today, including the critical

need for strong cybersecurity strategies

and plans.  In addition, I’ll offer

recommendations on steps that

organizations can take to strengthen

security to better serve their customers,

including today’s highly digital and

mobile consumer population.

DBIR

A recent picture of the cybersecurity

landscape will help to set the stage for

discussing the major threats to the

energy & utilities industry. Verizon’s Data

Breach Investigations Report (DBIR),

now in its ninth year of publication,

reflects incident data from contributing

organizations across the globe to expose

what’s happening on the cyber

battlefields. The 2016 DBIR provides

insights based on more than 100,000

incidents, including 2,260 analyzed

breaches, from across 82 countries.

The major plot line of this year’s story

involves cybercriminals exploiting

common errors and human weakness in

pursuit of financial gain. Consider the

following DBIR statistics:

89% of confirmed breaches had a

financial or espionage motive;

63% of confirmed breaches involved

leveraging weak, default or stolen

passwords; and 30% of phishing messages

were opened in 2015, and 12% of targets

clicked on the malicious attachment or

link.

In addition, the DBIR found that most

attacks exploit known vulnerabilities that

have never been patched despite patches

being available for months, or even years.

In fact, the top 10 known vulnerabilities

accounted for 85% of successful exploits.

Essentially, basic defenses continue to be

sorely lacking in many organizations.

How does this all apply to the energy

and utility sector specifically? According

to Verizon’s research, the vast majority of

security incidents across the energy &

utilities industry involved cyber espionage

(38%) in which state-affiliated actors

breach an organization to target

intellectual property; crimeware (19%)

which is any use of malware to

compromise systems, and is typically

opportunistic and motivated by financial

gain; and, Denial-of-service (12%) which

is the use of botnets to overwhelm an

organization with malicious traffic and

bring operations to a halt.

(continued page 21)

CYBERSECURITY SNAPSHOT

BY MICHAEL KOTELEC,

GLOBAL PRACTICE LEADER,VERIZON ENTERPRISE SOLUTIONS’ENERGY & UTILITIES PRACTICE

PERSPECTIVE