Water Utilities and Cybersecurity Struggle | Remote Workers Habits | The Cyber Review

June 19, 2021
Written by Farah

Survey Shows Many Water Utilities Struggle With Cybersecurity

The attack on critical infrastructures such as water systems has been increasing since the pandemic.

A survey conducted in the U.S. by the Water Information Sharing and Analysis Center (Water-ISAC) and the Water Sector Coordinating Council includes responses from more than 606 water and wastewater utilities, representing the approximately 52,000 community water systems and 16,000 wastewater systems.

Many of the water utilities, especially in rural communities, have disadvantages. They struggle to maintain and replace infrastructure, maintain revenues while addressing issues of affordability, and comply with safe and clean water regulations.

When it comes to specific cybersecurity challenges, more than 60 per cent of water utilities say they have not fully identified IT-networked assets in their networks, and only a little more than 21% of those utilities said they are working to do so. Furthermore, roughly 70 per cent said they have not fully identified all operational technology networked assets and fewer than a quarter are working to do so.

The respondents reported their top challenges were minimizing control system exposure, assessing risks and identifying hardware or software vulnerabilities.

Only four organizations confirmed a breach of their IT or OT systems in the past year, while dozens responded they were "not sure" if they had experienced an incident.

How Cybersecurity Habits Of Returning Remote Workers Can Put Companies At Risk

The risk of returning to work with devices that have been out of the office for over a year now is just as dangerous as sending employees home with office devices. Bad cybersecurity habits of employees working remotely puts companies at huge cybersecurity risks.

Businesses need to understand when, and why, people make mistakes so they can take action right away and prevent those mistakes from turning into data breaches.

A new survey released today by Tessian, an email security company, found that:

  • A majority of IT leaders (56%) believed their employees have picked up bad cybersecurity behaviors since working from home.
  • Sixty-nine percent of the leaders said ransomware attacks will be a greater concern in a hybrid workplace.
  • Over half (54%) were concerned that staff will bring infected devices and malware into the workplace. And their apprehension appeared to be founded—40% of employees said they plan to work from personal devices in the office.

Ransomware Tactics

Hackers are manipulating human behaviour. They are taking advantage of people's insecurities and emotions to trick people into clicking and opening on items such as messages or photos. Once the item is clicked on, ransomware is downloaded and takes over the device.

Employee Mistakes Threaten Cybersecurity

Very little employees report cybersecurity mistakes. Over a quarter of employees admit to making mistakes that compromised company security while working from home.

Advice For Company Leaders:

Culture Matters

Create a company culture that gets people to work securely and allows a makes for people to speak up about mistakes.

The Biggest Vulnerabilities

Know your biggest vulnerabilities and build a strategy keeping your employees in mind.

A Business-Critical Issue

Security is a business-critical issue so ensure that the company's IT and security leaders are involved in business reopening decisions.

Encourage Long-Lasting Behavior

Improve company security by encouraging long-lasting behaviour in employees. Tailor exercises for specific departments, provide tools to make smart decisions when there is a threat, and don't approach security training as a punishment.

Why Government Needs More than Money to Fix Cybersecurity Issues

New research (McKinsey & Company) shows that there is no direct correlation between cybersecurity spending and success of a program. Government and companies need to leverage new resources to fix cybersecurity issues.

Cross-Sector Collaboration

Cybersecurity threats are not specific to certain sectors. Cybersecurity teams across sectors need to collaborate on talent, training, and solutions to work together to prevent attacks. By developing such a process of collaboration between the public and private sectors, the federal government can simultaneously scale its cybersecurity workforce.


Practice makes perfect. Provide the most updated resources to upskill existing teams is a critical component to building a robust defense. The federal government will never get ahead of the vastly growing threat landscape until more than just additional funding is offered as a potential solution to the persistent issues plaguing the industry. The best defense is a strong offense and the federal government must start setting an example for others to follow.