One of the factors, that affects the vulnerability of the energy sector, is that all other industry sectors rely on the availability of energy. The stability of the energy sector is what keeps the wheels of the economy spinning and this makes energy companies a vital supplier to businesses, communities and individuals. Enabling heat and electricity, the sector is thereby targeted by criminals looking to cash in.
Mikko Peltonen, Head of Digital Risks & Cyber at If P&C adds; “The energy sector is also part of the critical infrastructure that underpins national security.'' For that reason, cyber-attacks against the energy sector are often perceived as attacks on the country itself.”
The number of threats has increased
The number of threats from nation-state actors has increased immensely over the previous years.
In fact, Microsoft highlights in its Digital Defense Report for 2020, that “nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services.”
Although an exact figure regarding the increase in nation-state attacks is difficult to validate, it is clear that cybercrime has exploded during the COVID-19 pandemic. In fact, in the aforementioned report, Microsoft identified 16 different nation-states, “targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics.”
The energy sector is also targeted to get sensitive data on power grids, locations of power stations, generators, substations and transformers for the purpose of espionage, sabotage and hybrid warfare. This kind of cybercrime is often rooted in political and economic motives.
A third factor, that puts the sector into a vulnerable position, is the many emerging innovative technical solutions, that are being put into use every day. The industry is getting smarter, more digitalised, as well as increasingly connected. At the same time, there is a rise in sophistication among cyber criminals who are exploiting complex vulnerabilities in companies’ supply chain.