Thales: Energy Infrastructure New Frontline of Cyber Attacks

Share
According to the report, nearly half of CI organisations in the energy industry have experienced a data breach
Thales' 2024 Data Threat Report reveals 42% of critical infrastructure companies, including energy infrastructure, faced cyber breaches

The rising storm in cyber attacks is now posing serious threats to the operations of nations, with a 2024 Data Threat Report by IT consultancy Thales shedding light on the growing cybersecurity challenges confronting the energy sector.

According to the report, nearly half of CI organisations in the energy industry have experienced a data breach, with ransomware attacks becoming increasingly prevalent.

Alarmingly, 93% of these organisations have observed an increase in cyber attacks. "By operating complex, highly diverse and inter-dependent technologies, the range of risks on the table is also diverse," said Tony Burton, Managing Director of Cyber Security & Trust at Thales UK.

Tony Burton, Managing Director of Cyber Security & Trust at Thales UK

Why energy infrastructure

The energy sector's reliance on legacy operational technology (OT) systems and the inherent complexity of its systems make it an attractive target for threat actors.

"This report highlights the need for CI organisations to take proactive measures to build cyber resilience across their distributed operations, addressing human error, ransomware, compliance and access management concerns," Tony added.

Malware, phishing, and ransomware top the list of common cyber threats facing the energy industry. According to the report, nearly a quarter of respondents have fallen victim to a ransomware attack in the last 12 months, with 11% paying the ransom.

Youtube Placeholder

This is partly due to the critical nature of these systems, as threat actors know that organisations are likely to pay ransoms to minimise downtime and maintain operations.

With a growing number of threats being linked to state actors, the targeting of energy, which is deemed critical infrastructure, becomes an area of acute focus for attacks.

Causes of concern

The leading causes of cloud-based breaches in the energy sector include human error (34%), exploiting known vulnerabilities (31%), and failure to apply multi-factor authentication (20%). Notably, 30% of CI organisations also experienced an insider threat incident, underscoring the need for robust access management and security awareness programs.

The International Energy Agency (IEA) further emphasises the unprecedented threat that cyberattack trends pose to the energy sector's critical infrastructure. The agency identifies a significant challenge - utilities often lack the necessary defences to secure themselves due to difficulties in finding and retaining skilled cybersecurity professionals.

"As with most industries, utilities increasingly use digital technologies to better manage plants, grids and business operations, which contributes to energy security by improving quality of supply, providing additional services to customers and enabling clean energy transitions through the integration of distributed energy resources," the IEA said.

"However, this progress comes with risks. Digital systems, telecommunication equipment and sensors throughout the grid increase utilities' exposure, as each element provides an additional entry point for cybercriminal organisations."

Digitalisation an expanding attack surface

The energy sector's reliance on digital technologies brings numerous benefits, but it also exposes critical infrastructure to an elevated level of cyber risk.

The complexity of systems, the reliance on legacy OT, and the difficulty in finding and retaining skilled cybersecurity professionals have all contributed to the industry's vulnerability.

To mitigate these risks, energy companies must prioritise the development of comprehensive cybersecurity strategies, focusing on enhancing their cyber resilience, addressing human error and insider threats, and leveraging emerging technologies to bolster their defences. 

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

Resilience: Firms Fail to Grasp Cyber Financial Impact

Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

SonicWall and CrowdStrike Unite for SMB Security Service

SonicWall partners with endpoint protection specialist CrowdStrike to offer managed detection and response capabilities through managed service providers

FS-ISAC CISO Talks Cyber Strategies for Financial Providers

FS-ISAC CISO JD Denning explains the cyber strategies financial providers need to adopt in order to stay afloat in the wave of cyber attacks

Darktrace Reports 692% Surge in Black Friday Cyber Scams

Cyber Security

KnowBe4 Launches AI Agents to Counter Phishing Threats

Technology & AI

Gen Reports 614% Rise in Command Prompt Manipulation Scams

Cyber Security