Thales: Energy Infrastructure New Frontline of Cyber Attacks
The rising storm in cyber attacks is now posing serious threats to the operations of nations, with a 2024 Data Threat Report by IT consultancy Thales shedding light on the growing cybersecurity challenges confronting the energy sector.
According to the report, nearly half of CI organisations in the energy industry have experienced a data breach, with ransomware attacks becoming increasingly prevalent.
Alarmingly, 93% of these organisations have observed an increase in cyber attacks. "By operating complex, highly diverse and inter-dependent technologies, the range of risks on the table is also diverse," said Tony Burton, Managing Director of Cyber Security & Trust at Thales UK.
Why energy infrastructure
The energy sector's reliance on legacy operational technology (OT) systems and the inherent complexity of its systems make it an attractive target for threat actors.
"This report highlights the need for CI organisations to take proactive measures to build cyber resilience across their distributed operations, addressing human error, ransomware, compliance and access management concerns," Tony added.
Malware, phishing, and ransomware top the list of common cyber threats facing the energy industry. According to the report, nearly a quarter of respondents have fallen victim to a ransomware attack in the last 12 months, with 11% paying the ransom.
This is partly due to the critical nature of these systems, as threat actors know that organisations are likely to pay ransoms to minimise downtime and maintain operations.
With a growing number of threats being linked to state actors, the targeting of energy, which is deemed critical infrastructure, becomes an area of acute focus for attacks.
Causes of concern
The leading causes of cloud-based breaches in the energy sector include human error (34%), exploiting known vulnerabilities (31%), and failure to apply multi-factor authentication (20%). Notably, 30% of CI organisations also experienced an insider threat incident, underscoring the need for robust access management and security awareness programs.
The International Energy Agency (IEA) further emphasises the unprecedented threat that cyberattack trends pose to the energy sector's critical infrastructure. The agency identifies a significant challenge - utilities often lack the necessary defences to secure themselves due to difficulties in finding and retaining skilled cybersecurity professionals.
"As with most industries, utilities increasingly use digital technologies to better manage plants, grids and business operations, which contributes to energy security by improving quality of supply, providing additional services to customers and enabling clean energy transitions through the integration of distributed energy resources," the IEA said.
"However, this progress comes with risks. Digital systems, telecommunication equipment and sensors throughout the grid increase utilities' exposure, as each element provides an additional entry point for cybercriminal organisations."
Digitalisation an expanding attack surface
The energy sector's reliance on digital technologies brings numerous benefits, but it also exposes critical infrastructure to an elevated level of cyber risk.
The complexity of systems, the reliance on legacy OT, and the difficulty in finding and retaining skilled cybersecurity professionals have all contributed to the industry's vulnerability.
To mitigate these risks, energy companies must prioritise the development of comprehensive cybersecurity strategies, focusing on enhancing their cyber resilience, addressing human error and insider threats, and leveraging emerging technologies to bolster their defences.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
- Cybersecurity & Sustainability: Capgemini Shows the SynergyCyber Security
- Thales and the Tangible Link Between Cyber Expansion and ROICyber Security
- Kyndryl and AWS: The Cyber Issues Facing the Energy SectorCyber Security
- Attackers Delight: Why Does Healthcare See So Many Attacks?Hacking & Malware