Share this
Top Cybersecurity Tips from Yes Energy's Experts
by Gaby Flores
Following the Colonial Pipeline attack in May, we explored the risk that cyber-attacks and ransomware present to the energy industry and the power grid. Since then, sophisticated cyberattacks have further increased. Most recently, Kaseya, a software provider, was the subject of a ransomware attack. Due to the nature of Kaseya’s business, the attack affected at least 200 U.S. companies.
REvil, a Russian-speaking ransomware-as-a-service provider responsible for the recent cyberattack on meat processing giant, JBS, is believed to be responsible for the attack on Kaseya. (NPR, 2021). The FERC and NERC recently published a white paper stating that in order to protect the grid from hackers and avoid critical infrastructure collapse, the electric industry needs to demonstrate “continued vigilance” (Utility Dive). If it seems like the number of major ransomware attacks occurring is increasing, that’s because they are. According to PBS, ransomware attacks increased by 62% between 2019 and 2021, and by 158% in North America. The number of ransomware complaints received by the FBI increased by approximately 20% between 2019 and 2020. Additionally, the cost of ransomware attacks reported to the FBI rose by 200% between 2019 and 2020. Unfortunately, to make matters worse, according to NBC, there are also talent and availability shortages in the cybersecurity industry. Cybersecurity businesses are turning down business. Additionally, talent is scarce, and due to the nature of the job, employees don’t stay in front-line incident response for long periods of time.
Following the Colonial Pipeline ransomware attack, we shared some industry-proven tips for avoiding cyber and ransomware attacks. Given the risk they pose to players in the industry and their increasing prevalence, we’re back this week with tips from Yes Energy’s security experts, Scott Saunders and Eric Marscin, on leveraging security as a tool, rather than a hindrance.
-
Conduct a risk assessment. Identify the individual risks to which your company is exposed. What makes your business unique (and profitable)? That’s what makes your business vulnerable. Eric recommends using the NIST special publication 800-30r1 to perform risk assessments.
-
Think critically. Consider everything that could go wrong or fail. Address every scenario you and your team can think of. Take a step back and think of all the ways your tool could be used in a different way than intended. Try placing a wild card character in place of an explicit value or escape character.
-
Security can be fast. Automate steps in the security process, where possible, in order to increase speed. Availability is an important facet of security just because systems are secure doesn’t necessarily mean they are slower.
-
Test. Your. Backups. Ensure that your backups are working. 40% of ransomware victims found that their backups had failed. Make sure your IT team can answer what your recovery time is if something goes wrong. Additionally, make sure your IT team is backing up the data you and your business value most.
-
There are no bad questions. You should be asking your vendors and IT team every question you can think of. There are no bad questions, just dangerous assumptions.
-
People are your most vulnerable entry point. Ultimately, people are both your strongest and weakest link. Humans are vulnerable to phishing, improper firewall installations, etc. Humans are fallible. Ensure you have good training in place and make sure that everyone on your team knows they are an important part of the business’s overall security.
Cyber and ransomware attacks present an extreme risk to businesses in all industries, no matter their size, and the energy industry may be a particularly vulnerable target for cybercriminals.
If you’re interested in learning more about security from Scott and Eric, please check out their presentation, Security as a tool, rather than a hindrance, from our recent Yes Data Insight Event, Unlocking Big Data Insights. (If you want to skip straight to their presentation it starts at 24:00).
Share this
- Industry News & Trends (98)
- Power Traders (70)
- Data, Digital Transformation & Data Journey (44)
- Asset Managers (40)
- Market Events (30)
- Asset Developers (29)
- Market Driver Alerts - Live Power (25)
- Utilities (25)
- ERCOT (24)
- ISO Changes & Expansion (22)
- Renewable Energy (22)
- Infrastructure Insights Dataset (20)
- PowerSignals (20)
- Energy Storage / Battery Technology (17)
- Live Power (17)
- Risk Management (17)
- DataSignals (16)
- Yes Energy Demand Forecasts (16)
- Data Scientists (14)
- CAISO (13)
- PJM (10)
- Power Markets 101 (9)
- QuickSignals (9)
- SPP (9)
- EnCompass (8)
- MISO (8)
- Position Management (8)
- Financial Transmission Rights (7)
- Snowflake (6)
- Submission Services (6)
- Powered by Yes Energy (5)
- Asset Developers/Managers (4)
- Data Centers (4)
- FTR Positions Dataset (4)
- Geo Data (4)
- Solutions Developers (4)
- Commercial Vendors (3)
- Battery Operators (2)
- Independent Power Producers (2)
- PeopleOps (2)
- data quality (2)
- AI and Machine Learning (1)
- Crypto Mining (1)
- Europe (1)
- FERC (1)
- ISO-NE (1)
- Japanese Power Markets (1)
- NYISO (1)
- Natural Gas (1)
- Western Markets (1)
- hydro storage (1)
- nuclear power (1)
- December 2024 (2)
- November 2024 (7)
- October 2024 (6)
- September 2024 (5)
- August 2024 (7)
- July 2024 (9)
- June 2024 (5)
- May 2024 (7)
- April 2024 (8)
- March 2024 (6)
- February 2024 (9)
- January 2024 (7)
- December 2023 (4)
- November 2023 (5)
- October 2023 (6)
- September 2023 (2)
- August 2023 (6)
- July 2023 (3)
- May 2023 (4)
- April 2023 (2)
- March 2023 (2)
- February 2023 (2)
- January 2023 (5)
- December 2022 (2)
- November 2022 (1)
- October 2022 (3)
- September 2022 (5)
- August 2022 (5)
- July 2022 (3)
- June 2022 (3)
- May 2022 (1)
- April 2022 (3)
- March 2022 (3)
- February 2022 (6)
- January 2022 (3)
- December 2021 (2)
- November 2021 (4)
- October 2021 (4)
- September 2021 (3)
- August 2021 (2)
- July 2021 (4)
- June 2021 (5)
- May 2021 (3)
- April 2021 (3)
- March 2021 (4)
- February 2021 (3)
- December 2020 (3)
- November 2020 (4)
- October 2020 (2)
- September 2020 (5)
- August 2020 (2)
- July 2020 (2)
- June 2020 (1)
- May 2020 (9)
- November 2019 (1)
- August 2019 (2)
- June 2019 (2)
- May 2019 (2)
- January 2019 (1)