We highlighted in a recent blog that a Hiscox report had discovered that the energy sector is the industry most at risk from cybercriminals. In this blog we look at why energy and utility companies are the number one target and what those in the sector can do to protect themselves.
Cybersecurity in the energy sector
Cybersecurity threats from malicious actors are becoming ever more sophisticated and complex, and are evolving at an increasing speed. The energy sector experiences the same threats as most industries such as data theft, financial fraud, corporate sabotage and ransomware, by criminals looking for monetary gain, competitors or disgruntled ex-employees. However there are some areas where utilities are more at risk than other sectors, and in these cases the cyber-attack is often not an end in itself, it is just a means to a variety of political, military, and economic goals. These are usually perpetrated by nation-state actors and activists.
Nation-state actors
Nation-state actors will target utility companies to create security and economic disruption – widespread power outages can bring towns, or even entire countries, to a standstill, as well as undermining critical national security and defense infrastructure. Though nation-state actors may also seek to perpetrate the corporate sabotage we have already mentioned.
Hacktivists
Hacktivists use attacks as a way to register their opposition to an organisation’s general agenda or even to disrupt specific projects. These tend to be less sophisticated attacks but are equally damaging. They often employ distributed denial of service (DDoS) attacks either as their main attack or as a distraction technique.
So the energy and utility sector may be more attractive but are they more vulnerable?
The very nature of energy companies means they often have a very geographically distributed infrastructure. Some of the infrastructure of utility companies was built before the rapid expansion of technology and the ongoing digital transformation. This makes it harder to maintain visibility across all systems. As energy operators converge or integrate their IT and Operational Technology (OT) departments and systems this creates a unique set of interdependences between physical infrastructure and digital systems that can be vulnerable to attack.
Gartner defines OT as:
“Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in asset-centric enterprises, particularly in production and operations.”
Many utilities also experience this same separation and complexity across their organisational structure which adds to the potential for vulnerabilities.
How can energy companies protect themselves?
The first step is your organization being aware what an attractive target the energy industry is and making sure you budget for adequate investment in your IT security.
The investment you make needs to be proactive, so you are looking for vulnerabilities and attacks rather than plugging the leaks when they happen. Overall, the aim is complete visibility of what is going on both inside and outside your network:
Threat Landscape – Organizations need to understand the vector of potential attacks and gain ongoing visibility of their threat landscape. Applications such as Attack Surface Management (ASM) provide full visibility of your digital presence and potential attack surface. Find out more about ASM.
Cyber Threat Intelligence – A CTI system collects data that is then processed and analyzed to understand a threat actor’s motives, targets, and behaviors. Security decisions, backed by data, allow organizations to become proactive instead of reactive. You can put up defenses but unless you know where threats are coming from how can you protect yourself? Threat Intelligence comes from a range of sources and there are a number of tools that can help you gather and analyze the data to provide meaningful reports such as: Attack Surface Management, which uses its ability to get a full view of your digital footprint to also provide information on potential threats. Cloud-delivered Endpoint Protection (EDR) secures every single endpoint whilst at the same time highlighting the possible risks to those endpoints. Security Operations (SOC) Threat Intelligence can be provided by a Cloud SIEM solution that prioritizes and contextualizes any threats it discovers.
DDOS Protection – Not as sophisticated as some attacks, but just as threatening to your business, you need to make sure you are protected against DDoS attacks and regularly check these defences through DDoS testing – there is no point waiting until you are attacked to find out if your defences work. Discover how you can protect yourself against DDoS attacks with our DDoS mitigation.
But each of these options are not enough by themselves, an holistic approach, taking the ‘best in class’ of a number of cybersecurity systems is the only way to provide the high level IT and OT security protection needed for an industry that is target number one for many malicious actors. A systems integrator such as activereach can provide advice and solutions across your entire infrastructure incorporating the best cybersecurity tools available.
You may also like to read our previous blog Protecting Energy and Utility Companies from DDoS Attacks
To find out more about how activereach can help you with your current cybersecurity challenges, or to conduct a cyber risk assessment, please call us on 0845 625 9025 or complete our contact form.