A firewall and virus protection used to be enough to keep your network and customer’s private information safe. But with today’s work-from-home world, that’s just not the case anymore. Cybercriminals know your utility is a gold mine filled with your community’s private information, and they are looking for ways to mine that gold.  As a matter of fact, according to the University of Maryland study, a hacker attacks every 39 seconds. And now with workers accessing your network from home, it’s just a matter of time before a cybercriminal puts your customers’ data at risk.

 To keep your customers’ bank account and credit card numbers safe, your utility needs what’s called a Managed Detection and Response (MDR) service. You may not have heard of (MDR) yet, but by the end of this post you’ll know what it is, the cybersecurity myths associated with it, and why you need MDR for your utility.

 Managed detection and response (MDR) is the newest tool in keeping cybercriminals out of your network and keeping your data safe. Working in conjunction with your firewall and virus protection, MDR detects and prevents a threat before it becomes a major issue. MDR providers deploy a combination of tools at the utility’s host and network layers to monitor, detect and respond to cyber threats.  Using 24/7 remote threat monitoring, the goal of MDR services is to rapidly identify and limit the impact of security incidents, reducing the risk to your network and keeping your customer’s personal information safe.

 Today, most utilities are using a product (or several) to prevent cyberattacks. Think firewall, antivirus software, and endpoint security tools. Although utilities may have multiple products protecting their network and data, they can still be at risk for a cyberattack. These products, although good at what they do, will create a complex web of security that is difficult to monitor and maintain.  Because most utilities do not have a dedicated IT security person, these products run on autopilot and alert someone as needed. With so many products come so many risk alerts, and the monitoring person eventually suffers from alert fatigue. 

Managed Detection and Response is a cut above product-centric security services because it provides a proactive, secured, and integrated infrastructure that monitors manages, and contains threats. Technology and human threat hunters work together to determine the best way to reduce risk. Using security intelligence to monitor attacks, threats, user behavior, and network traffic, MDR brings together a complete picture of a utility’s security. By having managed detection and response services in place, you take the network and data security monitoring burden off your in-house team and put these tasks in a security professional team’s hands.   

Right now there is so much misinformation about cybersecurity, that it’s difficult to know what to do to keep your network and customers’ personal information safe. Here are 4 myths about cybersecurity and what MDR can do to keep you protected.

 Myth 1: I’ll just hire someone to take care of my security.

 According to ISC2’s 2020 Cybersecurity Workforce Study, there is a 3.1 million security professional gap in the workforce. Not having enough security professionals creates a two-fold problem. First, if you’re lucky enough to hire a security professional, you’re going to have to pay a premium for this person.  As with most utilities, budgets are tight and have to stretch as far as possible. Paying for a full-time security professional may not be in a utility’s budget; so, they will make do with the IT staff they have.  

Second, if you don’t hire a dedicated, knowledgeable security professional, you’ll have to rely on your current IT staff, who may or may not be fully qualified or have the time to keep your network safe. If you’re like the 56% of respondents to ISC’s survey, you also think that this shortage puts your organization at risk for a cyberattack. Hiring an MDR service will keep you from hiring extra, expensive IT personnel and free up your IT staff to focus on other pressing matters.

 Myth 2: I can’t afford to hire a security service.

If you want 24/7 product protection, security can become expensive, but not having protection can be even more expensive.  Many small- to medium-sized business owners will try to buy several products in order to maintain a secure network, but the more products you buy the more expensive it becomes. Couple the software subscription costs with the amount of time it takes for someone to monitor all of these subscriptions, platforms, and alerts, you’re paying more than you think.

For just a fraction of the cost, hiring a managed detection and response service, like Covalence, can save you money and protect your network and data. For a monthly fee, you’ll get human threat detectors and technology that will notify you of issues before they become threats. With your current firewall and antivirus in place working with Covalence, you’ll have 24/7 protection without the added cost of hiring a security professional.

 Myth 3: We have a bunch of security products running. That’s good, right?

 You may have spent money on security products like a firewall, malware detection software, virus protection, and endpoint protection, but you may not be monitoring these products effectively and many don’t integrate to give you an alert overview. If no one is keeping an eye on alerts, it could be 7 months before you detect the cyber breach.  Think about having your whole community’s personal information in the hands of cybercriminals for 7 months before you learn about it. That’s a lot of time to exploit that data, and when you discovered the breach, the public backlash would be intense.

 Myth 4: My utility can’t get hacked.

 Although 60% of small to medium business owners think their businesses are not at risk for a cyberattack, they are. As many as 1 in 5 businesses experienced a data breach in 2020, and these businesses are prime targets for cybercriminals because most SMBs think that they are too small to be attacked.  Because they don’t think they can be hacked, SMBs skimp on security. But cybercriminals know that utilities are a private information gold mind. You have all of your community’s personal data stored on your network. Cybercriminals know that, and they want all the social security, bank accounts, and credit card numbers they can get from your network. The recent ransomware attack in Michigan just goes to show you that utilities are a prime target for cybercriminals.

 Why Your Utility Needs Managed Detection and Response

Managed detection and response dispels the myths above in one inexpensive service. When you sign up for Covalence, you’ll get a host of security professionals monitoring your network and data all at a very affordable monthly fee. Covalence technology and human threat hunters will alert you to any problem in less time and with greater success than hiring a hard-to-find and expensive security professional.

 Although you may think that security is expensive, MDR costs much less than hiring someone in-house, and it’s much more affordable than a breach will cost your utility. With 2021’s data breaches expected to reach 6 trillion globally, you can’t afford not to have an MDR service in place. And although you may think that security is complex, Covalence makes it easy for you and your staff to monitor your network and prevent data breaches without all those extra, expensive products.

 And if all of these facts haven’t dispelled these myths for you, think about this fact: Cybercriminals are shifting their targets from individuals to small businesses, governments, and critical infrastructure so that they can maximize damage and make the most financially. As a utility provider, you owe it to your community to take your security seriously.

Need a blueprint for setting up your security protocols? Join us for our April 28, 2021 Security webinar with our partner, Field Effect. Just click on the button below to register.