Cyber risks come in many forms, exploiting distinct vulnerabilities for specific aims, and can include more than one kind of attack carried out simultaneously. Malicious behavior encompasses both the means of entering systems as well as the ways in which attackers disrupt them upon access. Here are four common risks, how they are executed, and measures public power utilities can use to protect themselves against them.
Phishing | |
 | What it Is: Fraudulent emails, text messages, phone calls, or websites to trick users into submitting sensitive information - such as passwords or other credentials - that can be used to breach protected systems. Phishing can also trick users into downloading malicious software. How to Mitigate: Train employees to spot phishing attempts and provide reposting measures to staff can easily flag suspicious emails or other items. |
Man-in-the-Middle (MitM) Attack | |
 | What it Is: An attacker intercepts communication between two parties, gathering sensitive information such as login credentials or personal data. How to Mitigate: Ensure your organization has strong wireless encryption and router login credentials and employs a secure VPN, which makes it harder for bad actors to surveil information sent across systems. |
Ransomware | |
What it Is: Malicious software that locks important data or system files, so an attacker can demand payment to restore user access. How to Mitigate: Implement multifactor authentication to make it more difficult for bad actors to access systems. Be able to quickly isolate infected machines and lock shared drives in the event of an attack. |  |
Wiper Attack | |
What it Is: Malicious software that corrupts or erases critical data from a system. How to Mitigate: Continuously monitor network traffic and system logs, use encryption, and back up essential data. |  |
