Home - Article

Featured Article

December 08, 2019

Cybersecurity Flaws Found in New York Water System

An audit by the New York State Comptroller's Office found cybersecurity electronic access vulnerabilities for the water system in upstate Middleton, N.Y., using a simulated cyberattack to find holes in the defenses.

Sadly, most organization have cybersecurity holes but do not take the proper precautions to find them.

What are the proper precautions?

It depends on budget but for a small to medium business, they should have a cybersecurity firm – either and MSP or MSSP who handles their IT.

Or – if they have an internal person or team, they should have an outside person – a consultant, MSP, MSSP, etc. look for holes.

They should perform cybersecurity audits regularly.

Jacob Tawil, commissioner of public works for the city, said state-hired technology experts conducted a thorough investigation, including simulating a cyberattack on the city's water system, and found holes in the policies and procedures that could have allowed a hacker to tap into the city's networked water system.

"I don't say that about state audits all the time, sometimes I butt heads with them, sometimes we don't agree on everything, but this time it's absolutely timely, needed and it should be done if not annually every three-to-five years by the state to make sure every commitment made is implemented because there are really bad people out there," Tawil said Thursday.

"Adequate" policies and procedures were not in place to document information technology employee security duties, to guide employee usage of portable devices, or to require monitoring of networked water system devices, according to the state Comptroller's report from November. Technology security awareness training was also not provided to employees.

Middleton is relatively small at under 29,000 water connections but size does not matter to hackers which is why this audit was important to perform.

Now that problems have been found, it is time to solve them

The moral of the story is – you can’t manage what you can’t measure.

Every organization needs regular audits like this – best case is quarterly, and the worst case is annual.

Just like the physical you have to keep your body healthy.

In the mean-time, they need top professionals managing their network to keep it as safe as it can be.

The threats are mounting. We have reported nation-state hacks, ISIS and most recently Evil Corp. who has hacked over $100 million dollars.

Make no mistake that there are thousands of other people who wish they could emulate Evil Corp’s success and the tools to do so are available to anyone on the dark web.

A little education is all it takes for anyone to hack for themselves or to create their own hacking syndicate.

Every organization – not just those in New York needs to take the threat seriously.

How do you stay secure or at least drastically reduce the risk? Follow these three steps to start:

1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.

2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing BoxKnowBe4 and Phish360; are all great. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.

3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.


Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.


Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...



Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...



Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...


Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs

Contact us Now!