Overview:
The Emerald Coast Utilities Authority — a water, wastewater and sanitation services provider in Pensacola, Florida — recently created a security analyst position and launched a cybersecurity management program designed to increase cybersecurity awareness among employees, enhance systems and implement new protection mechanisms. The program, known as Securing the Sector, dramatically reduced the employee click rate on phishing emails, decreased the authority’s attack surface, and ensures technology systems are patched and updated in a timely manner.
Impact:
Better employee security training cut the authority’s click rate from 25% to 2.5%. Matching Active Directory user accounts to current employees reduced the number of active accounts from 680 to 495, lowering the risk of unused accounts being compromised. And patch and update rates for servers and computers are now above 95%. In addition, the authority disconnected all operational technology systems from the Internet.
Advice:
The authority offers these recommendations for other districts seeking to replicate its success:
-- Clearly mark critical data center connections that must be disconnected in the event of a cybersecurity breach. The authority marks these connections with orange “panic flags” and all members of the IT department know how to disconnect them.
-- Implement group policies that prevent executable files from running in the temp space on employees’ computers.
-- Delay the replication of data to off-site file servers. The authority delays this replication for several hours to detect and stop efforts by ransomware attackers to encrypt backup file server data.
-- Monitor the deletion of shadow copies from file servers. Shadow copies, which help organizations quickly recover file server data, are among the first targets of ransomware attacks. The authority created a daily report to track the status of all shadow copies. Any deleted files are immediately investigated by a server technician.
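
One way to build the daily shadow copy report described in the last recommendation, shown as an added example that is not the authority's own script. The state folder, file names and report columns are assumptions; the script is meant to run once a day as a scheduled task on the file server.

```powershell
#Requires -RunAsAdministrator
# Added example: daily shadow copy inventory diff (run on the file server).
# Assumed, not from the article: $StateDir, the file names and the report columns.
[CmdletBinding()]
param([string]$StateDir = 'C:\ShadowCopyReport')

$null = New-Item -ItemType Directory -Path $StateDir -Force
$baselinePath = Join-Path $StateDir 'baseline.csv'
$reportPath   = Join-Path $StateDir ('report-{0:yyyyMMdd}.csv' -f (Get-Date))

# Today's inventory: one row per shadow copy on this server.
$current = @(Get-CimInstance -ClassName Win32_ShadowCopy | Select-Object ID, VolumeName,
    @{ n = 'Created'; e = { $_.InstallDate.ToString('s') } })

# Inventory saved by the previous run, if there is one.
$previous = @()
if ((Test-Path $baselinePath) -and (Get-Item $baselinePath).Length -gt 0) {
    $previous = @(Import-Csv -Path $baselinePath)
}

$currentIds  = @($current  | ForEach-Object { $_.ID })
$previousIds = @($previous | ForEach-Object { $_.ID })

# Copies that existed at the last run and are gone now, and copies created since.
$missing = @($previous | Where-Object { $currentIds  -notcontains $_.ID })
$added   = @($current  | Where-Object { $previousIds -notcontains $_.ID })

# Volumes that had shadow copies at the last run and have none today.
$emptied = @($previous | ForEach-Object { $_.VolumeName } | Sort-Object -Unique |
    Where-Object { $_ -and (@($current | ForEach-Object { $_.VolumeName }) -notcontains $_) })

$rows = @(
    $missing | Select-Object @{ n = 'Status'; e = { 'MISSING' } }, ID, VolumeName, Created
    $added   | Select-Object @{ n = 'Status'; e = { 'NEW' } },     ID, VolumeName, Created
)
$rows | Export-Csv -Path $reportPath -NoTypeInformation

if ($missing.Count -gt 0) {
    Write-Warning ('{0} shadow copies from the last run are gone; review {1}' -f $missing.Count, $reportPath)
}
foreach ($vol in $emptied) {
    Write-Warning "Volume $vol had shadow copies at the last run and now has none."
}

# Save today's inventory as the baseline for the next run.
$current | Export-Csv -Path $baselinePath -NoTypeInformation
```

Windows also removes the oldest shadow copies on its own when the storage limit for a volume is reached, so a MISSING row is a prompt for review rather than proof of tampering. A volume that drops to zero copies between runs is the case to escalate first.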