Data security during load shedding

Issue 2/3 2023 Cyber Security

Everything is going fine, but then the power cuts out. No problem, your employees have laptops, and backup systems keep PCs running. But what about your data? What steps have you taken to ensure your business information and application services remain available when load shedding strikes? And did you also cover your security?

When data and applications become unavailable, work stops. Load shedding has made this balance much harder to maintain, and many companies might start cutting corners in their security to ensure productivity. They are taking a significant risk.

"Today's digital businesses must balance access to their systems with hybrid workers, 24/7 availability and ongoing security. Throw in frequent power failures and they need to start making tough choices. It becomes tempting to make choices that focus on availability and sacrifice security features, which is understandable, but they should be careful because cybercriminals can exploit those shortcuts," says Gerhard Swart, CTO at cybersecurity company, Performanta.

Load shedding puts every organisation's security under pressure. According to Swart, there are five key considerations you should take into account to avoid trouble while keeping your systems online and your business cyber-safe.

1. Users log in from different areas and at different times

Modern cybersecurity depends on predictable user behaviours, particularly zero trust security that scrutinises the locations and times of people logging in. Load shedding causes big swings in when and where people decide to access systems, and criminals exploit this confusion. Companies should implement multi-factor authentication to reduce problems with hacked accounts and enlist threat-detection services to catch unusual behaviour.

2. Data centre providers are not impervious

Third-party data centres invest considerable resources to provide power generation and protection against surges. But these measures can still fail, and all organisations must have data loss protection plans. These plans include backup services and failover contingencies, such as a secondary live data site duplicated from the primary data centre.

3.Productivity pressures can derail backup/recovery security

When users need to access data or applications, it should happen quickly, or their productivity will suffer. Speed is essential for ready access to digital assets. But such productivity demands often lead to cutting security corners. This is a dangerous compromise and should be avoided. Create clear, flexible backup and recovery processes that maintain key features such as zero trust security and encryption.

4. Password sharing and weak passwords are more widespread

Hybrid working has encouraged some bad security habits to grow, such as weak passwords, reusing passwords and sharing passwords. Even though passwords are not a great solitary defence, they still form part of a robust security posture and good security hygiene. Poor password habits have dual adverse effects: they undermine security culture and weaken security measures. Load shedding amplifies these bad habits. Create a clear password policy, scan for duplicate passwords, and consider providing a company-supported password manager.

5. Criminals can exploit load shedding anxiety

One of the most significant risks from load shedding is the anxiety and panic it causes. Criminals can use these emotions in phishing attacks such as an email offering a super-cheap, high-end power supply (act now or lose it forever!). Users click on the link, thinking they will get a special deal, but they instead allow malware onto their system. Ensure your people are updated on their security hygiene, inform them to watch out for these attempts, and use periodic testing to demonstrate how an attack could happen.

Load shedding amplifies many risks around technology. Most of these are apparent, such as providing backup power. However, it’s important not to overlook the problems it creates for data and applications. Speak to an experienced digital business security provider to ensure your environment balances security and productivity when the lights go off.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Insights from the 2023 Cloud Security Report
News Cyber Security
Increased costs, compliance requirements, hybrid and multi-cloud complexities, reduced visibility, and a lack of skilled practitioners cause organisations to slow or adjust their cloud adoption strategies.

New algorithm for OT cybersecurity risk management
Industrial (Industry) Cyber Security News Commercial (Industry)
OTORIO’s new risk management model and attack graph analysis algorithm technology, calculates OT cybersecurity threats and provides risk mitigation actions, prioritised according to actual exposure and potential impact on operations.

Veeam finds 93% of cyberattacks target backup storage
Cyber Security
Veeam unveils the results of its 2023 Ransomware Trends Report, showing cyber insurance is becoming too expensive and 21% of organisations are unable to recover their data after paying the ransom.

Cybersecurity providers must first protect themselves
Cyber Security
In a joint advisory released by cybersecurity agencies across the United States, UK, Australia, Canada and New Zealand, managed security service providers (MSSPs) have been warned of a sharp increase in cyberattacks targeting their systems.

Cyber attackers used over 500 tools and tactics in 2022
Cyber Security News
The most common root causes of attacks were unpatched vulnerabilities and compromised credentials, while ransomware continues to be the most common ‘end game’ and attacker dwell time is shrinking – for better or worse.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Recession or stress?
Cyber Security News
The economic landscape has seen many technology companies lay off vast numbers of employees, but for cybersecurity, the picture looks very different – a dynamic mixture of excitement, challenges and toxicity.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

NEC XON appoints Armand Kruger as Head of Cybersecurity
News Cyber Security
NEC XON has announced the appointment of Armand Kruger as the Head of Cybersecurity. Kruger will oversee all cybersecurity offerings including cybersecurity strategy, programmes, and executive advisory.

Caesar Tonkin new head of cybersecurity business, Armata
News Cyber Security
Vivica Holdings has announced the appointment of cybersecurity expert Caesar Tonkin to head up its cybersecurity business Armata, which provides technology solutions and niche expertise needed to help businesses better protect themselves.