Thales: Surging Cyber Threats Target Energy Infrastructure

Share
Thales says shy of half of critical infrastructure organisations have experienced a data breach
Thales' 2024 Data Threat Report reveals 42% of critical infrastructure companies, including energy infrastructure, faced cyber breaches

As demand on energy infrastructure continues to grow, so do cyber threats. This surge in malicious activity against critical industries (CIs) is posing significant risk.

This worrying trend has been highlighted in the 2024 Data Threat Report by IT consultancy Thales, which highlights cyber threats among the energy industries’ growing challenges.

Youtube Placeholder

Some of the report’s findings are startling — shy of half of critical infrastructure organisations have experienced a data breach, with ransomware attacks becoming increasingly prevalent. As well as this, 93% have observed an increase in attacks.

Why are cyber threats a growing menace to the energy industry?

Thanks to the complexity of systems and the reliance on legacy OT systems making easy prey, the energy sector is a favourite target for threat actors.

“By operating complex, highly diverse and inter-dependent technologies, the range of risks on the table is also diverse,” Tony Burton, Managing Director of Cyber Security & Trust at Thales UK said.

Tony Burton, Managing Director of Cyber Security & Trust at Thales UK

“This report highlights the need for CI organisations to take proactive measures to build cyber resilience across their distributed operations, addressing human error, ransomware, compliance and access management concerns.

“Emerging technologies, if leveraged appropriately, will ultimately provide greater efficiencies and security on these fronts.”

What have been the most common threats and challenges? Malware, phishing and ransomware top the list, Thales reported, with almost a quarter reporting to have fallen victim to a ransomware attack in the last 12 months, with 11% paying the ransom.  

This is in part due to the critical nature of these systems, threat actors know that ransoms will be paid to keep downtime to a minimum.

What are the leading causes of cloud-based breaches in the energy sector?

Thales states that these are among the top reasons for cloud-based breaches in CI organisations.

  1. 34%: Human error
  2. 31%: Exploiting a known vulnerability
  3. 20%: Failure to apply multi-factor authentication

As well as this, 30% of CI organisations also experienced an insider threat incident.

With complacency not a desirable attribute when it comes to cybersecurity, Thales’ research encourages proactiveness to bolster energy’s defences against malicious actors.

This comes after 69% of CI respondents said they are worried about the risk of encryption compromise when quantum computing becomes a reality. Despite this, only 50% plan to create resilience contingency plans to satisfy quantum computing security concerns in the next 18-24 months. 

It also pinpointed the shift to cloud environments as a problem point for CI organisations, with 51% agreeing that managing security in the cloud is more complex than managing security within on-premise environments. The majority, coming in at 55%, declared they are concerned about the security of their data in the cloud, highlighting the need for robust cloud security measures.

IEA: Utilities are finding it difficult to defend themselves

The International Energy Agency (IEA) states that cyberattack trends across the energy landscape pose an unprecedented threat to critical infrastructure.

The body identifies that, because utilities face serious difficulties in finding and retaining skilled professional talent, the industry often lacks the defences needed to secure themselves.

Fatih Birol, Executive Director of the International Energy Agency

“As with most industries, utilities increasingly use digital technologies to better manage plants, grids and business operations, which contributes to energy security by improving quality of supply, providing additional services to customers and enabling clean energy transitions through the integration of distributed energy resources,” the IEA said. 

“However, this progress comes with risks. Digital systems, telecommunication equipment and sensors throughout the grid increase utilities’ exposure, as each element provides an additional entry point for cybercriminal organisations.”

**************

Make sure you check out the latest edition of Energy Digital Magazine and also sign up to our global conference series - Sustainability LIVE 2024

**************

Energy Digital is a BizClik brand.

Share

Featured Articles

Q&A with Amex GBT’s Director of Global Sustainability

Nicole Sautter, Director of Global Sustainability at Amex GBT, shares how it and Shell Aviation are key to reaching SAF goals with the Avelia programme

China's Pivotal Role in the Global Clean Energy Sector

We explore how China, a clean energy leader, drives the global clean energy market, investing heavily in renewables and leading technological innovations

IEF Explores the 'Paradox' of Mining's Role in Clean Energy

The International Energy Forum (IEF) identifies mining's critical yet challenging role in achieving a sustainable, electrified future

CDP: Critical Gaps in Corporate Renewable Energy Targets

Renewable Energy

Gartner says AI's Hunger for Power Strains Data Centres

Technology & AI

Shell, Equinor, Uniper & the Global Energy Storage Problem

Renewable Energy