Thales: Surging Cyber Threats Target Energy Infrastructure
As demand on energy infrastructure continues to grow, so do cyber threats. This surge in malicious activity against critical industries (CIs) is posing significant risk.
This worrying trend has been highlighted in the 2024 Data Threat Report by IT consultancy Thales, which highlights cyber threats among the energy industries’ growing challenges.
Some of the report’s findings are startling — shy of half of critical infrastructure organisations have experienced a data breach, with ransomware attacks becoming increasingly prevalent. As well as this, 93% have observed an increase in attacks.
Why are cyber threats a growing menace to the energy industry?
Thanks to the complexity of systems and the reliance on legacy OT systems making easy prey, the energy sector is a favourite target for threat actors.
“By operating complex, highly diverse and inter-dependent technologies, the range of risks on the table is also diverse,” Tony Burton, Managing Director of Cyber Security & Trust at Thales UK said.
“This report highlights the need for CI organisations to take proactive measures to build cyber resilience across their distributed operations, addressing human error, ransomware, compliance and access management concerns.
“Emerging technologies, if leveraged appropriately, will ultimately provide greater efficiencies and security on these fronts.”
What have been the most common threats and challenges? Malware, phishing and ransomware top the list, Thales reported, with almost a quarter reporting to have fallen victim to a ransomware attack in the last 12 months, with 11% paying the ransom.
This is in part due to the critical nature of these systems, threat actors know that ransoms will be paid to keep downtime to a minimum.
What are the leading causes of cloud-based breaches in the energy sector?
Thales states that these are among the top reasons for cloud-based breaches in CI organisations.
- 34%: Human error
- 31%: Exploiting a known vulnerability
- 20%: Failure to apply multi-factor authentication
As well as this, 30% of CI organisations also experienced an insider threat incident.
With complacency not a desirable attribute when it comes to cybersecurity, Thales’ research encourages proactiveness to bolster energy’s defences against malicious actors.
This comes after 69% of CI respondents said they are worried about the risk of encryption compromise when quantum computing becomes a reality. Despite this, only 50% plan to create resilience contingency plans to satisfy quantum computing security concerns in the next 18-24 months.
It also pinpointed the shift to cloud environments as a problem point for CI organisations, with 51% agreeing that managing security in the cloud is more complex than managing security within on-premise environments. The majority, coming in at 55%, declared they are concerned about the security of their data in the cloud, highlighting the need for robust cloud security measures.
IEA: Utilities are finding it difficult to defend themselves
The International Energy Agency (IEA) states that cyberattack trends across the energy landscape pose an unprecedented threat to critical infrastructure.
The body identifies that, because utilities face serious difficulties in finding and retaining skilled professional talent, the industry often lacks the defences needed to secure themselves.
“As with most industries, utilities increasingly use digital technologies to better manage plants, grids and business operations, which contributes to energy security by improving quality of supply, providing additional services to customers and enabling clean energy transitions through the integration of distributed energy resources,” the IEA said.
“However, this progress comes with risks. Digital systems, telecommunication equipment and sensors throughout the grid increase utilities’ exposure, as each element provides an additional entry point for cybercriminal organisations.”
**************
Make sure you check out the latest edition of Energy Digital Magazine and also sign up to our global conference series - Sustainability LIVE 2024
**************
Energy Digital is a BizClik brand.