A Conversation with... Aera Energy’s Alec Wilder
It may be through a malicious website, massive data breach or someone hacking into your system. Someone somewhere is out to steal your information or harm your business. Alec Wilder, Aera’s chief information officer, discusses cybercrime and why Aera has adopted a cybersecurity philosophy of “Zero Trust.”
Are cyberattacks a concern for Aera?
Cyberattacks are a concern not only for Aera and its employees but globally. It would be unique to find a company that’s not concerned about cybersecurity. We all need to ensure that defenses are in place and act accordingly against cyberattack threats. The annual Verizon data breach report says, and I agree, that “regardless of the type of or amount of your organization’s data, there is someone out there who is trying to steal it.”
One in 10 websites is malicious. Web attacks are up 56%, and mobile ransomware is up 33%, according to the Symantec 2019 Internet Security Threat Report. These kinds of numbers mean the environment is very dangerous. Aera receives more than 5 million emails a month, with close to 90% being blocked due to malicious content. The remaining 10% is comprised of advertising, social media and legitimate email. Of that 10% valid mail, think of it as our mail having 4% first-class letters and 6% junk mail.
What can be cyberattacked?
Anything attached to the internet is vulnerable to a cyberattack. That’s why Aera adopted a philosophy of “Zero Trust” earlier this year. Zero Trust doesn’t mean we don’t trust you as an individual. It means we must verify everyone’s credentials and make sure individuals are who they say they are before they have access to the requested information. A defensive perimeter is no longer adequate. Our Zero Trust philosophy is about protecting, detecting and responding to cyber threats.
Forrester, the influential global firm that researches and analyzes business and technology data, describes the Zero Trust philosophy very clearly: “Think of business data like jewelry. While you might leave some cubic zirconia lying around in a dresser drawer, you store your great-grandmother’s diamond necklace in a safety deposit box. And while you may let dinner party guests mingle throughout the house, you won’t give each guest a key to that box. The same applies to your data: Not all data requires the same treatment. Finally, your compliance controls can reflect this.”
Does Aera have its own cybersecurity experts?
We have a team of cybersecurity professionals, led by Bill Trivitt, that specializes in the details and technologies involved with cybersecurity. It’s key to have leadership and talent on your staff. Our staff has over four decades of combined security experience and is always learning and expanding its capability. We also use third-party experts and highly advanced technology to provide assistance and expertise on cyber threats and challenges. We work closely with national and local government agencies, including the Department of Homeland Security and the FBI, to keep tabs on the newest cyber exploits and threats.
At Aera, we have made cybersecurity everyone’s responsibility to help keep Aera safe. We conduct employee training on cybersecurity multiple times a year. We have also extended that training to the families of our employees to help them keep their home technology safe. We like to think of cybersecurity as an extension of Aera’s overall safety emphasis.
Are there enough cybersecurity experts to fight these threats?
The pool of talent for real experts is strained at this time. A Forbes report estimates that there will be as many as 3.5 million unfilled positions in the cybersecurity industry by 2021.
What cybersecurity tips can you offer?
- Don’t click on a link when you don’t know where it’s taking you.
- Use very strong passwords and change them several times a year. That applies to your computer, social media accounts and even home devices like your thermostat and Alexa.
- Use a two-factor authentication process.
- As a company, the best thing you can do to limit the risk of cyberattacks is to hire a cybersecurity staff that embraces the motto, “We’re paranoid about cybersecurity so you don’t have to be.”