Hackers have developed a taste for water. At the end of last year, the US federal investigators confirmed multiple water utilities in the US had been breached, a breach of an Irish water utility interrupted the water supply for two days, and the 2022 South Staffordshire Water hack left customers at risk of having their bank details accessed and leaked. The latest high-profile examples have been the recent assault on Southern Water in the UK and Veolia North America in the US.
A recent report also warned that water companies faced an ‘elevated’ risk of attacks targeting UK drinking water. The report attributes increased cybersecurity risks to the growing use of data-logging to monitor water consumption and leverage digital smart meters. Data has become crucial in maintaining and improving public infrastructure – the water industry is no exception.
How, then, can water companies utilise data whilst protecting it from cybercriminals?
Making data watertight
Robust IT and security tools, such as perimeter defence, and regular staff cyber hygiene training are vital. But the security of data also relies on the way it is stewarded. Hackers rely on tactics such as compromised credentials, flimsy logins or phishing attacks that trick employees into giving criminals access. Once inside, they’re searching for sensitive information, such as customer card details, that they can leverage.
A crucial way organisations can help thwart this is through their data governance. If data is well organised with proper permissions and retention policies in place – whereby personal data is managed and destroyed responsibly, and access to sensitive information is only granted when really needed – it makes a hacker’s job much harder. This is because good data governance reduces the risk of employees inadvertently emailing information that could create a backdoor for criminals in the first place, for example. If hackers do still manage to gain access, good data governance also helps restrict the damage they can do.
To practise good data governance, water companies must first run a data audit to understand the extent and nature of the information they hold. Data can easily be lost or forgotten as companies grow and their technology systems change. But data that is unaccounted for or incorrectly logged cannot be appropriately protected.
Next comes cleaning and classifying data. Documents and files must be checked and updated if necessary, before being organised, labelled and properly stored – with the necessary security measures in place for files that have been identified as ‘sensitive’. This process ensures the right data gets the right protections, and helps business operations run more smoothly, too. Recent Gartner research shows that 47% of digital workers struggle to find the information needed to effectively perform their jobs; classifying data and making it easier to discover and access helps tackle this disconnect.
Improving access to data doesn’t mean indiscriminately granting that access. Water companies should also review who can see what – users should only have access to the information they need to do their job. Granting access where it’s not needed greatly increases an organisation’s vulnerability as it gives cybercriminals more entry points to launch an attack.
Finally, smart organisations will set systems in place to automate data governance. This is a vital step. Water companies are dealing with data en-masse and a one-time data overhaul won’t cut it. Machine learning models can be applied to automatically process, classify and store data as it flows into the organisation, in a way that increases both security and efficiency.
Preparing for an AI-enabled future
A strong data strategy doesn’t just give water companies more control over their information. It helps them ride the wave of AI transformation, too. AI offers transformative possibilities for the water industry, and several AI projects are backed by Ofwat’s £200 million Innovation Fund. But behind any safe, secure and successful AI application is well-governed data. The process of cleaning up data, so that the correct information is accessible in the right form for models to understand and leverage, lays the foundation for future AI applications.
The recent flood of cyber attacks against water companies is a worrying trend for the industry. But, through automated data governance, companies can easily sort and shore up their data against present-day threats, and at the same time embrace the digital innovation that’s shaping the next chapter of water management.
