A recent cyber event in Florida highlighted the vulnerability of municipal water treatment operations. Initial reports indicate the treatment facility had reused a password that a hacker then used to exploit outdated software and remote operating systems.
Municipal operations and critical infrastructure are considered high-value targets for those looking to disrupt government operations, assert an ideological agenda, or to profit from ransomware. Good cyber practices such as patch management, software modernization, and penetration testing are just a few ways to use proactive controls to manage threats.
With all the engineered and software controls your organization could implement, the one that is most important is solid, mandatory employee training on cyber security and information management. Often, it is the vulnerability of human behaviours that weaken these efforts and allow for a breach, which can result from phishing campaigns or something as simple as reusing passwords.
In addition to having cyber insurance to help pay for the out of a cyber breach, prevention is the best approach. The cyber insurance market is growing increasingly harder with a need to demonstrate better controls to maintain affordable coverage. AUMA offers free eLearning modules, including Cyber Security & Information Protection, in addition to our new Cyber Security & Managed IT Services offering. Call 310-AUMA to learn more about strengthening your cyber program.