The energy sector is being targeted by cyber attacks like never before. Since 2017, there have been 45 attacks on the energy sector, with only 13 of them taking place before July of 2022. This comes on the heels of more and more industrial systems coming online, a lack of investment into energy cybersecurity, and the undeniable threat of unintentional human error.
In this article, we’ll highlight what’s at stake for the energy sector, the source of most cyber threats, and solutions organizations can adopt to counter those threats.
The Precedent for Energy Cybersecurity: Convergence
For a long time, protecting critical infrastructure from potential cyber attacks wasn’t something most in the industry worried about. Virtually all operational technology (OT) systems were ‘air gapped,’ meaning they weren’t connected to any information technology (IT) systems. Times have changed since then.
The continued convergence of IT and OT systems was seen as a necessary evolution to drastically increase cost savings and prevent downtime for critical infrastructure. This came in the form of enhanced real-time performance monitoring, the ability for operators to access systems remotely, and all manner of analytics to drive optimization. The pandemic accelerated this evolution to a point of no return. The result? A staggering 140% surge in cyberattacks against industrial operations in 2022.
Of these attacks, the energy sector is targeted the most at 39%, roughly triple the number of attacks on any other sector.
What is at Stake When it Comes to Energy Cybersecurity?
In the energy sector, downtime doesn’t just come at the cost of catastrophic monetary losses; it could drastically harm public safety and the everyday functions of society. With so much at stake, highly sophisticated state-sponsored hacking groups and ransomware organizations recognize how lucrative it can be to break through energy cybersecurity defenses.
Just in 2021, a privately owned pipeline company providing fuel to most of the east coast was forced to halt its supply chain operations in an effort to contain the spread of ransomware that had compromised its systems. The U.S. federal government declared it an emergency as swarms of panicked Americans reportedly filled up bags of fuel from gas stations for fear they wouldn’t be able to make it to their jobs and schools for a prolonged period of time. Five bitcoin (worth approximately $5M USD at the time) was paid to a ransomware group known as DarkSide.
Similar catastrophic breaches of energy cybersecurity across the world include the Ukraine power grid attack of 2015, which left approximately 230,000 residents without power for several hours, and the suspected hacking of India’s power grid, which caused a power outage for millions of people in Mumbai. While the specific exploits used in breaches like these are not often disclosed to the public for fear of copycat attacks, we do know that the breach of Ukraine’s power grid was the result of a successful spear phishing attempt. It’s clear that even on the world stage one exploit reigns king: unintentional human error.
The Biggest Threat to Energy Cybersecurity: Unintentional Human Error
While most attacks on critical infrastructure are led by external entities, the people who are already on the inside are what attackers most commonly exploit.
74% of breaches involve the human element according to the Verizon 2023 DBIR, and our own research has found that 8% of users cause 80% of security incidents.
Phishing and other forms of social engineering are a huge threat to the energy sector because they turn every employee into a potential attack vector. If threat actors can convince someone with any amount of access to an organization’s systems that they are legitimate, then they can move laterally to infect several other systems with ransomware.
Engaging employees at an individual level to improve their security posture over time is an effective long-term practice to defend against unintentional human error, but it can’t always mitigate the immediate threat of employees who have not yet reached an adequate level of security savvy. That’s where identity threat detection and response (IDTR) solutions come in.
Fortifying Energy Cybersecurity with Identity Threat Detection and Response (IDTR)
Less than a third of critical infrastructure companies have zero-trust architecture and only 37% have fully deployed multifactor authentication. IDTR is an essential line of defense for these organizations facing identity-based problems.
IDTR monitors and analyzes user activity to flag any suspicious behavior and automate an appropriate response. This might involve blocking access to a compromised account or alerting security personnel.
Identity Threat Detection and Response with Elevate Security
Elevate Security equips businesses in the energy sector with a robust dashboard that gives them visibility into the individual risk of each employee within the enterprise. Using these insights, IT administrators can create custom playbooks for each employee by defining specific rules to better protect at-risk employees.
Elevate’s people-centered risk management platform has made a huge difference for our clients in energy cybersecurity. A global energy firm we worked with achieved the following results:
- 6.3X increase in phishing reports
- 3.8X increase in identified phishing emails
- 6.2X increase in blocked phishing attacks
Final Thoughts
Strong, effective energy cybersecurity is essential for protecting the basic functions of society. It starts by getting a handle on the riskiest users in the energy sector.
If you’re ready to start mitigating insider risk with a right-fit, human-centered approach, reach out to Elevate Security. We’d be happy to discuss how we can transform your organization’s cybersecurity posture.