
Cybersecurity Preparedness, Equifax and Benjamin Franklin

The prudent advice Benjamin Franklin shared with the world is just as valuable today as it was nearly 200 years ago. It is valuable to individuals and corporations, in all aspects of life, across many cultures and industries. Benjamin never saw a computer; however, his advice is highly applicable to today’s cybersecurity preparedness challenges. 

“Diligence is the mother of good luck.”

Beginning in September, multiple Equifax security breaches have been in the media. Breaches of highly sensitive data have a wide-ranging impact on our lives. The Equifax security breaches were preventable. The vulnerabilities were known months before the hackers stole the information, and patches were available but were not installed.

In a letter to the Wall Street Journal, Equifax Interim CEO Paulino do Rego Barros Jr. admitted, “We were hacked. That’s the simple fact.” Equifax wasn’t diligent with software patching and faced some serious consequences because of it.

“An ounce of prevention is worth a pound of cure.”

Imagine the time, effort, and reputation that could have been saved if security warnings weren’t ignored and patches were installed when they were announced. As a result of complacency, over 145 million people were affected. Hackers stole personal data including Social Security numbers, credit card numbers, driver’s license numbers, birthdays, and addresses.

Equifax isn’t the only entity that has been hacked in recent times with serious consequences. Unfortunately, it’s a high-profile example of what is happening globally.

It will take years, if it is even possible, to repair the shattered trust and recover from the data and financial losses caused by these breaches.

“By failing to prepare, you are preparing to fail.”

Avoid cybersecurity failure by preparing to be secure. Spend a little time and effort preventing hacks. Be diligent with installing patches. How?

Four basic steps need to be taken as part of any patch management program:

1. Inventory. Inventory assets (devices, computers, equipment, tablets, smartphones, etc.). This includes any asset that has software or firmware, any kind of intelligence or any connectivity to the outside world. Don’t overlook the less obvious ones like USB drives, smart TVs, game controllers, etc. Any device that can reach sensitive data should be included.

2. Baseline. Get a list of the software or firmware on each of those assets. Know what ports are supposed to be open. Know what user accounts are on the devices.

3. Monitor. Proactively track all updates, news, security alerts, and patches related to the assets and their software.

4. Install. Follow through with timely installation of security patches. If a patch can’t be installed for some reason, take other measures to mitigate any residual risks.

There are many ways these four steps can be achieved ranging from manual review and processing of data using paper or spreadsheets to fully automated patch management systems.
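The four steps above, sketched as an added Python example (not code from the original post). The asset names, products, versions, dates and the 30-day patch window are all constructed assumptions.

```python
from datetime import date

# Steps 1-2: inventory and baseline (constructed sample data, hypothetical assets).
BASELINE = {
    "web-01": {"software": {"appserver": "2.3.31"}, "ports": {22, 443},
               "accounts": {"root", "deploy"}},
    "hmi-07": {"software": {"firmware": "4.2.0"}, "ports": {502},
               "accounts": {"operator"}},
}
# What a scan currently finds on each asset (constructed).
OBSERVED = {
    "web-01": {"ports": {22, 443, 8080}, "accounts": {"root", "deploy"}},
    "hmi-07": {"ports": {502}, "accounts": {"operator", "temp"}},
}
# Step 3: advisories being tracked (constructed; not real advisories).
ADVISORIES = [
    {"product": "appserver", "fixed_in": "2.3.32", "published": date(2024, 1, 10)},
    {"product": "firmware", "fixed_in": "4.2.0", "published": date(2024, 2, 1)},
    {"product": "firmware", "fixed_in": "4.10.0", "published": date(2024, 3, 1)},
]
# Step 4 fallback: recorded mitigations for patches that cannot be installed.
MITIGATIONS = {("hmi-07", "firmware"): "isolated on control VLAN"}

def version_key(v):
    """Compare versions numerically, so 4.10.0 sorts above 4.2.0."""
    return tuple(int(part) for part in v.split("."))

def baseline_drift(baseline, observed):
    """Ports or accounts present on an asset but absent from its baseline."""
    drift = {}
    for asset, seen in observed.items():
        extra = {k: sorted(seen[k] - baseline[asset][k]) for k in ("ports", "accounts")}
        if any(extra.values()):
            drift[asset] = extra
    return drift

def pending_patches(baseline, advisories, mitigations, today, max_age_days=30):
    """Advisories not yet applied, with age and whether a mitigation is on file."""
    findings = []
    for asset, info in baseline.items():
        for adv in advisories:
            installed = info["software"].get(adv["product"])
            if installed and version_key(installed) < version_key(adv["fixed_in"]):
                age = (today - adv["published"]).days
                findings.append({"asset": asset, "product": adv["product"],
                                 "installed": installed, "fixed_in": adv["fixed_in"],
                                 "days_open": age, "overdue": age > max_age_days,
                                 "mitigation": mitigations.get((asset, adv["product"]))})
    return findings
```

Findings that are overdue with no mitigation on file are the ones to escalate; drift entries mean the baseline or the asset needs correcting.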

“Distrust & caution are the parents of security.”

Timely patching of software is not the only thing needed to stay safe; secure passwords, physical and electronic access management, virus protection and common sense play a role in being cyber-secure.

Anticipate expanded cybersecurity requirements in your own firm, especially if your industry is heavily regulated. Hacks aren’t limited to financial services companies.

Conclusion: “Never leave that till tomorrow which you can do today.”

Get up to date on your patches today! Start strategically assessing your discipline for tracking your assets and applying patches. Put measures in place to inventory and baseline assets, to regularly monitor for updates and then install them. The reality is that, if good patch management practices are followed, most hacks can be averted.

What would Ben Franklin have to say about the Equifax breach? No doubt he would have some cleverly-worded advice about diligence for making the world a more cyber-secure place.

Kathryn Wagner
