CEO’s Message — March 2022

March 1, 2022

Cybersecurity and Your Co-op

Headshot of Clay FitchLast November, a small electric cooperative in Colorado became the victim of a cybersecurity attack that paralyzed the co-op’s payment processing, billing, and other internal systems. Industry news reported the co-op suffered a massive data loss and likely was the victim of ransomware, a type of malware that threatens to publish or block access to data until a ransom is paid. It took the co-op weeks to bring its systems back online.

What transpired in Colorado is a sobering reminder that small and rural co-ops are targets, too. Cybercriminals have expanded their targets beyond big business as they realize enormous profits by casting an ever-widening and deeper net. As a result, small business security breaches are escalating.

The amount of potential money to be extorted proves too tempting. The cybersecurity industry reported victims of ransomware paid $18 billion in ransoms worldwide in 2020. Another study reported the average ransomware payment jumped to more than $300,000 in 2020 from $115,000.

First and foremost, Wells Rural Electric Company focuses on keeping members’ data safe. Our information technology team and software providers have implemented multiple layers of security protection to safeguard the co-op and members’ information.

A little more than 85% of data breaches involve a “human element” as cybercriminals prey on individuals to gain access to a personal or business computer system’s portal. The primary tactic deployed by cybercriminals is through social engineering—the attempt to manipulate an individual’s emotions to prompt them to take immediate action. The most common tools of their trade to do this are phishing (emails), smishing (text messages), and vishing (voice messages).

Phishing is the most prevalent. Almost anyone who has an email account has received a scam email. An email claiming a relative or friend needs money sent to them immediately or supposedly your credit card company urging you to take action because of fraudulent use are just two of countless scenarios. While some phishing emails are easy to detect, cybercriminals have become increasingly sophisticated in their deception and luring individuals to act before realizing their mistake too late.

While WREC employees are daily targets of numerous phishing emails, one rarely shows up in their inbox. Our information technology team and strategic partners have implemented extensive technological controls that scan and filter out malicious emails.

If, however, a phishing email breaks through, our employees—the human firewall—are trained year-round to recognize them and report them immediately to our IT personnel.

While past success is no guarantee for the future, members can take comfort in knowing we continually strive to go above and beyond to ensure our IT systems and your data remains protected.

Clay R. Fitch
Chief Executive Officer