Outdated Systems Make Energy Industry Firms More Vulnerable To Attacks

By   ISBuzz Team
Writer , Information Security Buzz | Apr 17, 2019 02:30 am PST

It has been reported that Energy industry firms are vulnerable to increased cyber espionage and sabotage attacks due to outdated systems and technology, and poor security posture, prioritisation and awareness, with phishing the most popular method of infiltration, a report warns. Malicious actors are targeting critical infrastructure (CNI) sites and energy distribution facilities exponentially, and interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for some time, according to the report by security firm F-Secure. 

Andrea Carcano, Co-Founder and Chief Product Officer at Nozomi Networks:

Andrea Carcano 1“The report is not particularly surprising as the ICS environment is often the Achilles heel for many energy firms in terms of cyber security. This is because the vast ICS infrastructures are not only challenging to maintain, but have operating life spans of 10-15 years and longer due to the costs involved in replacement.  

Correspondingly, for many energy firms, the investment in People, Processes and Technology to effectively protect ICS infrastructure has been severely lagging when compared to the IT environment. The reports’ claim that phishing attacks are the most popular method tells us that there continues to be security failings at the IT/OT perimeter, and indicates critical gaps in the network monitoring and situation awareness within the converged IT/OT environment.   

The introduction of NIS in May 2018 should hopefully help such organisations with the business cases for change.  Additionally, incidents, such as the recent LockerGoga Ransomware attack and last year’s appearance of GreyEnergy, highlight the impact these threats can have on the energy sector and other industrial organisations.   

The adoption of technologies such as network anomaly detection based on AI & Machine Learning can help organisations to monitor, manage and mitigate threats and vulnerabilities, it can also assist with the efficient use of personnel.”