Navigating the Complex World of Cybersecurity
Five Elements of a Strong Cybersecurity Plan and a BSP That’s Doing It Right
Broadband service providers (BSPs), utility companies, and municipalities are all responsible for protecting not only their own data, but their customers’ data, too. Cybersecurity is not a new topic, but many industry professionals still struggle to understand the breadth and evolution of cyber threats and what it takes to establish —and maintain —a strong cybersecurity plan.
In this white paper, we’ll briefly discuss the latest cybersecurity threats, discuss the five critical elements of a solid cybersecurity plan, and tell the story of a BSP, Farmers Telecommunications Cooperative (FTC), that is prioritizing cybersecurity and taking measures to protect their network from attacks.
The rise and sophistication of modern cybersecurity threats
Modern cyber threats are increasingly sophisticated, making them difficult to detect and prevent. Cybercriminals develop new tactics constantly. Here are just a few you may have heard about, but whose developments, prevalence, or variations may be new to you:
These are just a few types of cybersecurity threats. Having a solid cybersecurity plan and protective tools in place is the only way to maintain a constant defense against these attacks.
“At NISC, we often say that there are two types of companies: the ones that know they are compromised, and the ones that don’t know they are compromised,” said Jeremy Schoneberg, NISC Team Lead of Information Security. “In other words, when it comes to cybersecurity, we operate on the assumption that there’s no such thing as a company that isn’t compromised in some way. While that may not be strictly true, the mindset allows us and our Members to be proactive about protecting critical systems.”
The five elements of a strong cybersecurity plan
What does that protection look like? It starts with building a solid foundation for cybersecurity. Here are the five elements of a strong cybersecurity plan:
领英推荐
“When NISC evaluates a Member’s cybersecurity risk, the tools above are considered foundational to a strong cybersecurity plan. NISC also practices what we preach, using these tools and others for our own systems and data,” says Schoneberg. “Whether or not a Member uses the entire suite of NISC’s cybersecurity services or handles some aspects of their cybersecurity plan in house, we work in conjunction with the Membership to ensure all are knowledgeable and protected, period.”
Case study: Farmers Telecommunications Cooperative (FTC)
Farmers Telecommunications Cooperative (FTC) has been a NISC partner for more than 25 years, relying on NISC for operations, service tools, and other enterprise software. In the last ten years, FTC turned to NISC to implement more robust cybersecurity tools. The cybersecurity partnership between FTC and NISC started with a more sophisticated firewall system. Although FTC had a firewall before using NISC’s cybersecurity tools, they had no firewall redundancy—if their firewall was breached, no backup systems would kick in.
As time went on, FTC became a beta user in NISC’s Incident Detection and Response service and starting using NISC’s Backup Management service. When FTC implemented Incident Detection and Response, Information Systems Analyst Mike Gilbert says he breathed a sigh of relief. “Incident Detection and Response was a game changer,” he says. “[Before Incident Detection and Response] we had nothing to tell us somebody was messing around in the network or something was going on.”
Today, FTC relies on many of NISC’s cybersecurity offerings, while managing some aspects internally. The decadeslong relationship between FTC and NISC allows a holistic approach to protecting FTC’s systems and an open dialogue to ensure they are keeping up with the ever-evolving threats. While cybersecurity is a relatively new offering in the context of NISC’s 50-plus-year history, Members like FTC know that finding the right solution has always been part of NISC’s culture. If NISC doesn’t have a service FTC needs, we draw from our vast network of partners to recommend a vendor that does.
In the time FTC has used NISC’s cybersecurity services, FTC has had no major breaches or security incidents. In an instance when another FTC vendor had a data breach, NISC and their partners informed FTC about the breach and said they were already monitoring for any issues. Working with NISC brings peace of mind to the FTC team. “We’re a small telecommunications provider—we don’t have the staff to do it all ourselves,” says Mike Gilbert. “They have eyes on my network 24/7. Two years ago, we didn’t have a policy for responding to cyber threats, and as of today we have that in place.”
Summary
The ever-evolving landscape of modern cybersecurity threats necessitates a proactive approach to protecting critical systems. Regardless of how—or with which partner—cybersecurity plans are implemented, BSPs and other providers must recognize their responsibility to safeguard both their own and their customers’ data.
Establishing a strong cybersecurity foundation is paramount. This includes robust and redundant firewall defenses, advanced endpoint protection, patch management, reliable backup practices, identity and access management, and ongoing employee training.
Follow the example of FTC, which takes a multi-pronged approach to cybersecurity. As cybersecurity threats persist and advance in sophistication, the importance of a detailed and proactive cybersecurity plan cannot be overstated. If you want to learn more about NISC’s cybersecurity tools, we invite you to visit cybersecurity.coop or contact us at 866.999.6472.