Successful attacks on energy and utility companies such as Colonial Pipeline or Ukrainian Energy Utilities show how far-reaching an attack can be. In many cases, the first steps of the attack take place via sophisticated email attacks.
Energy and utility companies are increasingly using digital technologies to manage and integrate complex distributed operations and remote locations such as wind farms, power plants and grids. Successful attacks on energy and utility companies show how far-reaching their impact can be.
One example is the May 2021 ransomware attack on Colonial Pipeline, the largest fuel pipeline in the United States. This led to a $4.4 million ransom payment as well as fuel shortages and panic buying among drivers. Almost a year later, in April 2022, three wind energy companies in Germany fell victim to cyber attacks that paralyzed thousands of digitally controlled wind turbines.
Email Attacks: Energy and Utilities Sector Affected
A recent international study of mid-sized companies commissioned by Barracuda found that 81 percent of respondents from the energy, oil and gas, and utilities industries experienced an email security breach in 2022. In comparison, the overall value for all sectors surveyed was 75 percent. Of all the industries surveyed, energy and utility companies were also the most affected by loss of employee productivity, with more than half (52 percent) reporting this as a result of the attack, compared to just 38 percent overall. The drop in productivity is likely related to the fact that 48 percent of respondents had more than half of their workforce working in the field and those employees were unable to work during the downtime.
An above-average proportion in the energy and utilities sector (50 percent) also stated that they had suffered reputational damage due to email security violations. Because the sector is a highly regulated and competitive critical infrastructure with a broad end-user base, a security incident can affect many people, damage customer relationships and lead to negative media coverage about fines or regulatory violations.
Heavily and often repeatedly affected by ransomware attacks
The higher-than-average proportion of companies affected by a successful email security breach makes it almost inevitable that the proportion of companies affected by other attacks, including ransomware, is also relatively high. In fact, 85 percent of respondents from the energy and utilities sector were affected by ransomware, compared to 75 percent overall. 56 percent in this sector reported two or more successful ransomware attacks (versus 38 percent overall). This suggests that attacks are not always completely neutralized or vulnerabilities are not always identified and remedied after the initial incident.
The good news is that almost two-thirds (62 percent) were able to restore encrypted data using backups (compared to 52 percent overall), although 31 percent paid the ransom to restore their data.
Almost four days for an email security incident to be detected and remedied
Additionally, the survey shows that energy and utility companies take slightly longer than many other industries to detect an email security incident: an average of 51 hours, compared to 43 hours overall. However, the sector was quicker than most in responding to and resolving the incident: an average of 42 hours, compared to 56 hours overall.
In this sector, 46 percent of respondents cited a lack of automation (versus 38 percent overall) and 40 percent cited a lack of transparency (versus 29 percent overall) as the biggest barriers to rapid response and mitigation.