Lessons Learned: Electrical Coop Cyberattack

When we think of cyberattacks on electrical coops, we think of taking down our electrical grid. Operational technologies are modernized for efficiency and safety, but your electrical coop’s greater cyberthreat is what plagues other industries and businesses – data theft, fraud, ransomware.

Is your IT side keeping up with the criminal’s strategies?

In a recent West Monroe survey, 67% of utility leaders cited cybersecurity as the top concern for their converged IT and OT network.

What strengthens all businesses is talking about cybersecurity. The Colorado electric coop, DMEA, did just that. They’ve shared their painful experience as victims of a ransomware attack in 2021.

Here are some highlights from that attack.

Criminals gained access through an UNPATCHED vulnerability on their exchange network. 

In 17 MINUTES, they were able to escalate privileges and execute a script that encrypted every device and server.

They reached their backups and rendered them useless.

It impacted all devices, phone, email, their customer information system, and meter data management. Luckily, their electric and internet operations were not impacted.

It took MONTHS to rebuild their systems.

Hear directly from the DMEA staff.

TAKE HOME MESSAGES

Lessons Learned from Electrical Coop Cyberattack

Safety is everybody’s job.

We tend to focus on physical safety. Most people are nervous about technology and box it into the IT department. Create a culture of cyber safety BEFORE your electrical coop is attacked.

Tradition is ingrained in coops – this is the way we’ve always done it. Electrical Coops are forced to change AFTER a cyberattack. (DMEA)

Criminals do not break in; they log in.

The biggest financial threat is business email compromise.  Ransomware usually starts with phishing emails and tricking humans into divulging login information.

Understand your backup strategy.

DMEA’s offices were next to an airport, so their focus was on a physical disaster.  Their backups were offsite, but connected to their network, with the same logins.  Other businesses feel their backups are safe, but then realize their vendor is only backing up limited amounts, not their entire system.

Cover the basics.

Moving from antivirus to EDR and keeping your systems up to date are two significant best practices. Other important cybersecurity best practices are:

✅ Security Awareness Training

✅ MFA for Admin and Remote Access

✅ Encryption of Data at Rest and in Transit

✅ Inventory of Sensitive Data and Locations

✅ Disaster Recovery Testing (having a secure, recoverable backup of business-critical data)

✅ Incident Response Plan

✅ Security Event Monitoring

✅ Supply Chain Risk Management

Get Cyber Liability Insurance.

It helps not only financially but also practically. Insurance companies have negotiation and forensic teams that kick into action immediately. Cyber Liability Insurance’s requirements have increased in recent years with the higher number of attacks. Review the changes in requirements.

Get a partner.

IT people wear many hats and it’s hard to be an expert in cybersecurity, compliance and incident response. Find a third party to work with you on your incident response plan, and your incident prevention plan.

Ask yourself, will you pay the ransom?

Some businesses determine it is best to pay the ransom.  Paying does not ensure you will get back your systems.  Not paying may get your data leaked to the dark web.  Either option is a gamble. 

Better Protect Your Electrical Coop from a Cyberattack

Probably the biggest lesson learned from the Electrical Coop’s Cyberattack is to be prepared. We also think your best approach is to better protect yourself from attacks with technology that not only can help block the attacks, but also gives you visibility into your system activities to respond and limit the damage.

This is where we have expertise. Our dedicated security team and security operations center deliver a comprehensive approach to business cybersecurity, compliance, and continuity.