Thales: Energy Infrastructure New Frontline of Cyber Attacks

According to the report, nearly half of CI organisations in the energy industry have experienced a data breach
Thales' 2024 Data Threat Report reveals 42% of critical infrastructure companies, including energy infrastructure, faced cyber breaches

The rising storm in cyber attacks is now posing serious threats to the operations of nations, with a 2024 Data Threat Report by IT consultancy Thales shedding light on the growing cybersecurity challenges confronting the energy sector.

According to the report, nearly half of CI organisations in the energy industry have experienced a data breach, with ransomware attacks becoming increasingly prevalent.

Alarmingly, 93% of these organisations have observed an increase in cyber attacks. "By operating complex, highly diverse and inter-dependent technologies, the range of risks on the table is also diverse," said Tony Burton, Managing Director of Cyber Security & Trust at Thales UK.

Tony Burton, Managing Director of Cyber Security & Trust at Thales UK

Why energy infrastructure

The energy sector's reliance on legacy operational technology (OT) systems and the inherent complexity of its systems make it an attractive target for threat actors.

"This report highlights the need for CI organisations to take proactive measures to build cyber resilience across their distributed operations, addressing human error, ransomware, compliance and access management concerns," Tony added.

Malware, phishing, and ransomware top the list of common cyber threats facing the energy industry. According to the report, nearly a quarter of respondents have fallen victim to a ransomware attack in the last 12 months, with 11% paying the ransom.

Youtube Placeholder

This is partly due to the critical nature of these systems, as threat actors know that organisations are likely to pay ransoms to minimise downtime and maintain operations.

With a growing number of threats being linked to state actors, the targeting of energy, which is deemed critical infrastructure, becomes an area of acute focus for attacks.

Causes of concern

The leading causes of cloud-based breaches in the energy sector include human error (34%), exploiting known vulnerabilities (31%), and failure to apply multi-factor authentication (20%). Notably, 30% of CI organisations also experienced an insider threat incident, underscoring the need for robust access management and security awareness programs.

The International Energy Agency (IEA) further emphasises the unprecedented threat that cyberattack trends pose to the energy sector's critical infrastructure. The agency identifies a significant challenge - utilities often lack the necessary defences to secure themselves due to difficulties in finding and retaining skilled cybersecurity professionals.

"As with most industries, utilities increasingly use digital technologies to better manage plants, grids and business operations, which contributes to energy security by improving quality of supply, providing additional services to customers and enabling clean energy transitions through the integration of distributed energy resources," the IEA said.

"However, this progress comes with risks. Digital systems, telecommunication equipment and sensors throughout the grid increase utilities' exposure, as each element provides an additional entry point for cybercriminal organisations."

Digitalisation an expanding attack surface

The energy sector's reliance on digital technologies brings numerous benefits, but it also exposes critical infrastructure to an elevated level of cyber risk.

The complexity of systems, the reliance on legacy OT, and the difficulty in finding and retaining skilled cybersecurity professionals have all contributed to the industry's vulnerability.

To mitigate these risks, energy companies must prioritise the development of comprehensive cybersecurity strategies, focusing on enhancing their cyber resilience, addressing human error and insider threats, and leveraging emerging technologies to bolster their defences. 

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

Cybersecurity Conglomerate Reveals Threats Facing Consumers

Cybersecurity Conglomerate Gen quarterly report reveals shocking statistics like the fact that consumers are now increasingly at risk from Ransomware

Decoding the US' Most Misunderstood Data Security Terms

Kiteworks' results show a thirst from Americans to learn about the topics and terms that have been swirling around in the cybersecurity lexicon as of late

Orange Cyberdefense's Wicus Ross Talks Cyber Extortion Trend

Senior Security Researcher Wicus Ross analyses Orange Cyberdefense's report that reveals the shape that the growing ransomware storm is taking

Palo Alto Networks Buy IBM's QRadar Assets in Win for SIEM

Network Security

Major Insurers Urge State Support To Secure Cyber Risk

Cyber Security

CrowdStrike Goes to Congress: What Will Come of the Hearing?

Operational Security