Our increasing dependence on technology and web-based communication has opened the door for cyber security threats. Cyber criminals are on the increase, and energy and utility companies are high value targets.
Technology and data have completely transformed the power and utilities sector, allowing companies to use information to improve and expand services, and better engage with customers. However, this also brings added regulatory obligations around privacy and security — and the risk that sensitive data will be subject to increasingly sophisticated cyber-attacks.
As attacks grow in sophistication, IT infrastructure becomes more complex and the value of data increases, utilities’ security teams are under more pressure than ever. From staff that hold valuable oil and gas exploration information, to customers who could be conned into giving away their money to a criminal disguised as their trusted energy firm, now is the time for utility companies to take responsibility for the safety of their data.
There is now a ‘mass market’ for stolen data and with ransomware attacks increasing at an alarming rate the utilities sector has to take significant steps to protect their infrastructure and data.
The Chancellor recently announced the publication of the Government Strategy for tackling what he described as ‘sophisticated and damaging’ cyber-attacks. The strategy includes investing £1.9bn in defending systems and infrastructure, deterring hackers and developing what Mr Hammond described as a ‘whole-society capability.’ This also included the creation of the National Cyber Security Centre, announced last year, to act as a single point of contact for both the public and private sector.
The introduction of the General Data Protection Regulation, due to come into force in May 2018, means that utilities providers will face punitive fines if they fail to demonstrate that processes have been put in place to protect their customer’s personal information. The utilities sector faces exactly the same issues as the public sector due to the huge amounts of sensitive data that they hold and share.
In January 2017 Lincolnshire County Council was hit by a £1m malware demand and their systems were ‘shut down’ for 4 days. This is becoming a more frequent occurrence and re-iterates the damaging effects cyber-attacks can cause.
Recently reported figures indicate that over 90% of cyber-attacks can be directly linked to ‘user error’ or ‘lack of staff awareness.’ Nick Atkinson, Commercial Director at Intelligencia Training Limited, commented, “It is vital that utilities providers and the public sector train their employees and foster awareness on the safe movement and storage of data. People are the weakest link, yet this element is often overlooked. Effective training can eliminate many of the threats simply by ensuring that public sector staff have been trained to understand the dangers of phishing and social engineering.”
Intelligencia Training, that specialises in delivering cyber security training and qualifications that are entirely focussed upon raising staff awareness recently delivered a training programme for personnel at The Royal Borough of Kensington and Chelsea to help them tackle crime and fraud. They utilised the Level 2 award in Cyber Security for Business combined with the Cyber Stars initiative.
The Cyber Stars initiative, which has been designed and developed by cyber security experts, is an on-site one day course which gives people an improved understanding of cyber security. It is the only programme of its kind backed by a nationally-recognised qualification and access to ongoing learning materials via the Cyber Stars e-learning platform.
Andy Hyatt, Head of Fraud at the Royal Borough Of Kensington and Chelsea, said; “One of the fastest emerging fraud risks that organisations face, both within public and private sectors, is the threat of cybercrime. This is why I felt my investigation officers needed to get a better understanding of what cybercrime is and how it manifests itself.”
“People invariably look towards the ICT Department to protect organisations against cybercrime but it’s everyone’s responsibility and while ICT are centre stage in maintaining cyber-security, I want officers from the Corporate Anti-Fraud Service to support them by maintaining awareness and disseminating good practice. This course has given them the skills to achieve this goal.”
“The course gave us a greater understanding of best practice in cyber security. It discussed the different types of cybercrime threats, from remote attacks like malware or hacking to more intrusive threats like social engineering.”
“The initiative provides the Council with the assurance that officers have attained a good level of competency in cyber security. This is the sort of course that will be beneficial long after the classroom session.”
“Cybercrime is constantly evolving and, through the initiative and post-course support provided, we will continue to be kept up to date with details of new threats, emerging risks and the latest developments.”
Nick Atkinson raises a valid point that there is still a culture within the public and private sectors that cyber security ‘is not my job’ and that IT departments ‘have thing’s covered.’ Recent examples and statistics clearly demonstrate that this couldn’t be further from the truth. Both sectors spend huge amounts of money training staff via mandatory courses such as first aid and health and safety but ignore the potentially catastrophic risks that lack of basic cyber-security awareness and training can cause. Every member of staff within the public sector represents a potential risk to the organisation.
There is far too much reliance upon IT departments and infrastructure rather than ensuring that staff are competent and capable of spotting potential cyber-attacks. Involving staff in their own departmental cyber-security responsibility, with the creation of cyber-champions, produces a much greater level of ‘buy in’ and awareness.
The Level 2 Qualification in Cyber Security for Business and the associated Cyber Stars initiative is cost effective solution to ensure that staff are aware of cyber-security risks and legislation relating to data governance.
You can find out more about Intelligencia Training and their innovative cyber-security and intelligence analysis training programmes backed by nationally accredited qualifications at www.intelligenciatraining.com or contact 03330 431 431
