IIOT Power

Monitor, Teach, Protect: Three Priorities for Insider Threat Prevention in the Energy Sector

In December 2020, the U.S. Department of Energy announced a new subcommittee focused on the nation’s electric grid. The Grid Resilience for National Security subcommittee was a response to increasing threats to the country’s expansive electric grid that reliably delivers electricity to power the digital age.

Today, those threats are even more relevant than ever before. For example, in February 2020, a natural gas company was targeted by ransomware, bringing the facility to a two-day standstill. Internationally, cyberattacks on electric grids have turned off power in Ukraine and India, and a successful attack on the U.S. could have expansive consequences that rival the recent catastrophic power outages across Texas.

At the same time, a 2020 report by the Office of the Director of National Intelligence disclosed China’s capacity to direct cyberattacks on U.S. natural gas pipelines. As the U.S. energy sector continues to become more interconnected and tech-driven, its vulnerabilities become more nuanced and harder to defend.

To be sure, energy companies are investing millions in comprehensive perimeter protection through firewalls and other defense mechanisms, making it more difficult for bad actors to gain access undetected. Meanwhile, insider threats pose an often-overlooked threat to energy infrastructure integrity. As the Department of Homeland Security expressed, “Insider threats are the source of many losses in critical infrastructure industries.”

That’s why insider-focused cybersecurity initiatives can play a critical role in preventing the next cyberattack on the energy sector. Insider threat prevention that prioritizes employee monitoring, comprehensive employee training, and automation can play a formative role in securing the nation’s energy infrastructure. Here’s how energy companies can begin that process today.

Monitor Insiders to Avoid Accidents and Bad Habits

The recent SolarWinds breach reminds us that it’s easier to target individuals than bypass sophisticated cybersecurity operations. Human error plays a significant role in most cybersecurity incidents, and many operational technology (OT) experts in the power industry identify careless insiders as the top cybersecurity threat.

These risks are elevated in a hybrid work environment. As many energy companies embrace hybrid work arrangements, cybersecurity practices must adjust accordingly. Whether working onsite or in a remote environment, employee errors often manifest as negligence or ignorance.

For example, 35% of people never change their account passwords, and many people reuse these credentials across multiple accounts. With billions of records compromised by data breaches in the past several years, each stolen credential represents an opportunity to access critical infrastructure. To secure accounts, energy companies should:

  • Regularly Update Account Passwords. Strong unique passwords make it more difficult for bad actors to acquire this information, and, when they do, it prevents cascading consequences across other accounts.
  • Enable Two-Factor Authentication. This simple feature notifies employees when a new account login is detected. While the technology isn’t perfect, it’s a low-cost solution that can make a significant difference.
  • Use a Virtual Private Network (VPN) Service. Especially for remote workers, these services can prevent cybercriminals from using unsecured internet connections to compromise data integrity.

Employee monitoring-derived behavior analytics enforces these priorities, ensuring that workers are following these and other directives that can prevent bad actors from gaining front-door access to sensitive systems.

Teach Employees to Identify Scams and Fraud

In addition to equipping employees with cybersecurity best practices, energy companies can harness employee monitoring software to teach workers to identify scams and fraud, reducing the risk of ransomware, phishing scams, and malware from impacting the energy grid. This is especially important in a post-pandemic environment. Phishing attacks increased by 350% as the recent pandemic accelerated, and, according to one survey, 38% of respondents reported that a co-worker fell for a phishing attack in the past year.

At the same time, ransomware attacks are becoming increasingly prevalent, threatening critical infrastructure with costly disruptions. While these threats pose a real risk to energy companies, they are only effective if employees engage with malicious messages, fail to secure accounts, or give away access credentials. Employee monitoring software can be used to actively teach and train employees to spot scams, transforming a vulnerability into an indelible defensive asset.

Supporting Your Team with Automation

Even before the recent pandemic, cybersecurity professionals were burned out and exhausted. They are now accounting for an increasingly expansive threat landscape, even as the volume and consequence of attacks become more pernicious.

Automation can enhance their capacity, allowing them to focus on the most pertinent risks while allowing sophisticated software to manage low-level risks. For example, this technology can:

  • Actively monitor networks for suspicious activity while developing sophisticated behavior analytics to detect anomalies and prevent a cybersecurity incident before it occurs.
  • Reduce the number of cybersecurity threats, like phishing scams, that reach employees’ inboxes.
  • Prevent data exfiltration before a breach.
  • Notify information technology (IT) personnel of high-level risks in real-time.

Automation doesn’t replace cybersecurity personnel, but it supports their efforts, empowering them to stay a step ahead of today’s bad actors. As the power sector becomes more technologically integrated and interconnected, its effectiveness in this regard is essential. By guarding against insider threats, energy companies can reduce the risk of a cyberattack impacting their operations.

Isaac Kohen is vice president of Research and Development at Teramind, a global provider of employee monitoring, data loss prevention (DLP), and workplace productivity solutions (@teramindco).

SHARE this article

ransomware breach cybersecurity insider threat cyberattack phishing Automation