Threatucation Logo
CALL US
302-537-4198
Creating a Culture of Cyber Security in small- to mid-sized organizations
  • Home
  • Services
    • Risk Assessment
    • Security Policies
    • Security Awareness Training
    • Scam Support
    • Cyber Security Solutions
    • Backups
  • Security Awareness Training
  • Testimonials
  • About
  • Blog
  • Reports
  • Contact

Cautionary Tales for SMBs from Hacked Water System

February 17, 2021 by Eric Magill

As you probably read or heard last week, the small city of Oldsmar, Florida, population 13,500, narrowly escaped a disaster from a cyber attack.

A hacker manipulated the Lye ratio in the water system of the city near Tampa using the remote access tools the city’s water department deploys to remotely manage the chemicals that make the city’s water safe to drink.

The story doesn’t tell us as much about the vulnerability of our nation’s critical utilities, however, as it does about what can happen when municipalities and businesses cut corners on the technology they use.

Oldsmar turned out to be fortunate in this case.

First, the hacker chose to access the system during working hours in full view of on-site staff, who immediately alerted their superiors to the attempts to drastically change the lye content in the water. Had the hacker attempted to do this after hours, the problem might not have been caught until the next morning.

Second, the water plant still remotely accesses the system with Windows 7 32-bit computers a year after Microsoft retired that operating system and declared it unsafe, but that was the least of the plant’s security transgressions.

The computers used to access the plant’s treatment control system shared the same password for remote access. In addition, all appeared to be directly connected to the Internet without a firewall.

Budget concerns justifiably come into play with cyber security measures at small municipalities, just as they do for small businesses.

But using different passwords, changing them from time to time, installing a firewall, and implementing multi-factor authentication offer low-cost protection that any organization can afford.

Another cost-effective measure would be cyber security awareness training for employees and management.

For information on what a security awareness training program can do for your business, visit https://threatucation.com, call me at 302-537-4198, or email me at ericm@threatucation.com.

Filed Under: cyber security, Risk Assessments, Security Policies Tagged With: #cyberattack, #cybersecurity, municipality, remoteaccess

Share:

Meet With Us!

Schedule an Online Meeting with Threatucation to start developing a Culture of Cyber Security in your organization.

Latest News

  • You’re Still Not too Small May 13, 2021
  • Cyber Security Tips for Protecting Law Firms March 31, 2021
  • Security Awareness not Just for Employees March 1, 2021
  • Cautionary Tales for SMBs from Hacked Water System February 17, 2021

FOLLOW US

Contact Us

Form for requesting a free cyber security risk assessment.

Copyright © 2022 · Threatucation