MUST Read This WSJ Article About Our Power Grid and How the Russians Hacked it With Phishing
Earlier this month, the Wall Street Journal reconstructed the worst known hack into
the USA’s power grid, revealing attacks on hundreds of small contractors.
The title is very apt: “America’s Electric Grid Has a Vulnerable Back
Door—and Russia Walked Through It”.
It’s so relevant because it describes a very effective supply-chain attack that
could happen to your own organization as well. The article focuses on the spear
phishing and watering hole attacks that compromised small contractors and
gave the attackers a foothold to hack further up the power grid chain.
Remember the Target hack?
The Wall Street Journal pieced together this account of how the attack unfolded
through documents, computer records and interviews with people at the affected
companies, current and former government officials and security-industry
investigators. Some experts believe two dozen or more utilities ultimately were
breached.
It’s a must-read because this is the No. 1 vulnerability that leads to the
dreaded data breach. I strongly recommend you sit down with your management
team and do the following exercise:
- Identify the top 5 suppliers that would cause downtime or serious disruption of your production if they were to get hacked or were off the air
- Find out if they only require once-a-year awareness training just to be compliant
- To keep their business as your supplier, require them to sign up with GDR Group and deliver you the evidence that their users have stepped through the 45-minute module and are sent simulated phishing attacks once a month.
This excellent WSJ reporting demonstrates again that your own employees need to be
the strongest human firewall possible, and that your suppliers also need to be
part of that same defense-in-depth strategy.
Here is the link to that article, so you can cut & paste it. This may be
the most important article related to InfoSec your C-levels read this year.
Make sure they do:
https://www.wsj.com/articles/americas-electric-grid-has-a-vulnerable-back-doorand-russia-walked-through-it-11547137112
Users, regardless of their role within the organization, need to be educated on scams like this in order to elevate their understanding of the need to be vigilant against external threats. Security Awareness Training educates users on the latest trends in phishing scams, malware, social engineering, and more in an effort to establish a security culture, reducing your organization’s risk of a successful cyberattack. Take the first step now and email [email protected] to get started.