Energy sector becomes UK’s top target for cyberattacks

According to the latest IBM Security Report, the energy sector saw 24% of all UK cyberattacks in 2021, followed by manufacturing and financial services

IBM Security (NYSE: IBM) today released its 2022 X Force Threat Intelligence Index, which reveals the UK’s energy industry was the country’s top target for cyberattacks, accounting for 24 per cent of all incidents, followed by manufacturing and financial services, which each received 19 per cent of attacks. The UK became one of the top three most attacked countries in Europe in 2021, along with Germany and Italy, according to the report. 

The study comes amid intense pressure on the UK’s energy and manufacturing sectors, with the energy regulator preparing to increase its cap on prices by over 50% in April, and ongoing supply chain challenges. With the cost of cyberattacks trickling down to consumers, the findings highlight the urgent need for robust cyber resiliency in the nation’s critical industries. 

The UK has been stepping up its efforts to meet the security challenge, with the government recently publishing the National Cyber Strategy and Government Cyber Security Strategy 2022-2030, as well as proposing amendments to the Network and Information Systems (NIS) Regulations to improve the cyber resilience of UK businesses. The Government’s latest Annual Cyber Sector Report also showed record investment in the cybersecurity sector last year, with revenues exceeding £10 billion. 

Laurance Dine, Global Partner, X-Force Incident Response, IBM, said: “Cybercriminals worldwide are becoming increasingly resilient, resourceful, and stealthy in their pursuit of critical data. In Europe, we saw adversaries overwhelmingly exploiting unpatched vulnerabilities to infiltrate victim environments in 2021, highlighting the importance of adopting a Zero Trust approach to security. Businesses must start operating under the assumption of compromise, putting the proper controls in place to defend their environment and protect critical data. 

“In the UK, critical industries such as energy, manufacturing and finance are key targets for cybercriminals, underlining the importance of the government’s National Cyber Security Strategy to ensure the economy remains resilient in our fast-moving digital world.” 

The 2022 IBM Security X Force Threat Intelligence Index found: 

Ransomware’s Reign is Far from Over   

This notorious attack, which typically “locks” a computer system until a sum of money is paid, has accounted for more than one in five cyberattacks worldwide (15% in the UK). Other findings include:  

·       The REvil ransomware group was responsible for 37% of all ransomware attacks X-Force observed in 2021. 

·       Data theft was the most common attack type in the UK during 2021, making up 31% of incidents. 

·       Phishing was overwhelmingly the top infection method used against UK businesses in 2021, leading to 63% of incidents.  

Businesses Remain Vulnerable to Attacks  

Vulnerability exploitation, a term used to describe a threat actor taking advantage of an unpatched flaw or weakness in an IT system, remains a top challenge for– in fact:  

·       The number of network compromises caused by vulnerability exploitation rose 33% in a year. 

·       Vulnerability exploitation was the cause of 44% of ransomware attacks 

·       In Europe, 46% of cyberattacks were caused by vulnerability exploitation.  

“Manu-fractured”Supply Chains 

·       Manufacturing was the most attacked industry globally in 2021, with ransomware persisting as the main culprit, representing 23% of attacks.  

·       In the UK, energy was the top-attacked industry, with 24% of incidents, followed by manufacturing and finance and insurance, each receiving 19% of attacks.  

Commenting on the findings, Simon Hepburn, CEO, UK Cyber Security Council said: “IBM Security’s latest research highlights the constantly evolving nature of the global cyber threat, as adversaries seize on new vulnerabilities created by digital transformation. With the UK’s critical industries under constant threat, it’s imperative that the UK rapidly expands its professional cyber security workforce by investing in training and professional development opportunities. Providing pathways for people to enter the profession as career changers or graduates, as well as ensuring people from all backgrounds have access to opportunities, will be key to achieving this.” 

The annual report from IBM Security X-Force, which maps the latest security trends and attack patterns, analysed global data ranging from network and endpoint detection devices, incident response (IR) engagements, and phishing kit tracking, from January to December 2021.  

 

Share

Featured Articles

Kingfisher chooses Google Cloud as catalyst for growth

Google Cloud will support Kingfisher's digital ambitions with a range of solutions, from infrastructure to data analytics.

ICYMI: Cyber predictions for 2023 and trouble in paradise

A week is a long time in cybersecurity, so here’s a round-up of the Cyber Magazine articles that have been starting conversations around the world

Osirium shares its cyber predictions for 2023

Andy Harris, chief technology officer of Privileged Access Security company Osirium shares his insights for the industry.

ICYMI: Unloved emails and cybersecurity worth $500bn by 2030

Cyber Security

Cyber security market anticipated to reach $500bn by 2030

Cyber Security

ICYMI: 2022 ransomware trends and Christmas cyber threats

Cyber Security