Cybersecurity Steps for the Energy and Utilities Industry

Here are best practices focused on the energy and utilities sector to help mitigate the risk of ransomware.


Without a doubt, one of the most game-changing innovations is the Internet of Things (IoT). Industry analyst firm IDC expects there will be over 41 billion connected IoT devices by 2025.

The rapid growth of connected devices in the energy and utilities industry has expanded the sector's attack surface and, with it, the need to focus on cybersecurity. Other industries, financial services prominent among them, have reached the same conclusion, driven by factors such as COVID-19, which shifted staff to remote work and created a need to secure distributed devices.

We have also seen recognition that businesses must lead with a security-first mindset to be resilient. That has meant the elevation of the CISO to a seat at the proverbial table as a true C-suite leader and trusted board advisor.

Yet, the energy and utility sectors face unique challenges compared to other industries.

For example, in an analysis from McKinsey, experts wrote:

“In our experience working with utility companies, we have observed three characteristics that make the sector especially vulnerable to contemporary cyberthreats. First is an increased number of threats and actors targeting utilities: nation-state actors seeking to cause security and economic dislocation, cybercriminals who understand the economic value represented by this sector, and hacktivists out to publicly register their opposition to utilities’ projects or broad agendas. The second vulnerability is utilities’ expansive and increasing attack surface, arising from their geographic and organizational complexity, including the decentralized nature of many organizations’ cybersecurity leadership. Finally, the electric-power and gas sector’s unique interdependencies between physical and cyber infrastructure make companies vulnerable to exploitation, including billing fraud with wireless “smart meters,” the commandeering of operational-technology (OT) systems to stop multiple wind turbines, and even physical destruction.”

Let’s look at one type of common and profitable attack that could impact energy and utility companies: ransomware.

What is ransomware?

Ransomware is exactly what the name implies: something valuable to your business is being held from you until a ransom is paid for its return. In simple terms, ransomware is extortion.

Ransomware is malicious software that blocks you from accessing your computer systems or files, usually by encrypting them, until you pay the adversary for the key that unlocks them. Modern variants also copy data out of the network before encrypting it and threaten to publish it, so a good backup removes only part of the attacker's leverage. The ransom is typically demanded in cryptocurrency because it is easy to pay online and the wallet holders are hard to identify. That anonymity is only partial: transactions on public blockchains are permanently recorded and can be traced, which is how law enforcement has sometimes followed and seized ransom payments; what is difficult is linking a wallet address to a person.

Knowingly infecting a system with ransomware and demanding payment to unlock it is a crime. Law enforcement agencies recommend not paying the ransom. The reasoning is that paying marks you as a willing payer and invites further extortion, funds attacks against others, and guarantees neither a working decryption tool nor that any stolen data will actually be deleted.

Who is the target of ransomware?

Cyber criminals seek the path of least resistance and strike against businesses that are easy targets. Ransomware is a business and the perpetrators, like any good businessperson, are looking for a strong ROI.

The COVID pandemic proved that cyber criminals are ruthless, show no mercy, and will attack the most essential types of businesses, including schools, churches, and hospitals. These cybercriminals follow current events and will launch campaigns tied to incidents in the news, hoping their target will take their bait and open an infected file, browse an infected web page, or click on a malicious link.

While you may think your business is too small to be on a cybercriminal's radar, think again. Cybercriminals operate on volume: the more businesses they can get to pay, the more money they make.

How does a company become infected with ransomware?

When your business is infected with ransomware, IT or users will see a screen that says something such as: “Your files are locked. Send XXXX bitcoin to this address by a specific date. If you do not pay we will delete/release your files.”

This may seem as though it is something from a movie, but unfortunately, this scenario plays out in businesses around the world every day. And ransomware is becoming more common because the cybercriminals are getting better at disguising themselves.

You might wonder how you became infected in the first place. It is quite easy for a cybercriminal to get into your business, especially behind a good disguise such as a realistic-looking email from a reputable company or a campaign that plays on emotions.

The cybercriminal may enter through:

  • An email attachment, such as a PDF or Office document, that carries a malicious macro or exploit, or that links out to the criminal's phishing site
  • Links in email to malicious websites that, when clicked, deliver the malware or harvest the credentials used to get in later
  • Compromised legitimate websites that infect a visitor's computer through simple navigation (a "drive-by download"), usually by exploiting an unpatched browser or plugin
  • Remote access services exposed to the internet, such as RDP or VPN gateways, reached with stolen, guessed or reused passwords; this route needs no user to click anything and has rivalled phishing as an entry point

Seemingly innocuous tasks such as opening an email, downloading an attachment, or navigating to a website can easily infect your business with ransomware.
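The first three entry routes above share a handful of indicators that a mail gateway or SOC triage script can check before a user ever sees the message: a Reply-To that points at a different organisation than the sender, an attachment type that commonly carries a dropper, and a link whose visible text is one site while its real target is another. The following is an added example of those checks, not code from the original article or from any product it mentions; the two messages are constructed for the example, the extension deny-list is an assumption, and the "registered domain" helper is a crude last-two-labels guess that a real deployment would replace with the public suffix list.

```python
"""Triage an inbound e-mail for common ransomware-delivery indicators.

Added example, not code from the original article. SAMPLE_EML and CLEAN_EML
are constructed messages; RISKY_EXTENSIONS is an assumed deny-list.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: attachment types a gateway would block or sandbox by default.
RISKY_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".exe", ".scr", ".js", ".vbs",
                    ".hta", ".iso", ".lnk", ".zip", ".rar", ".7z"}

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
LOOKS_LIKE_URL_RE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)

# Constructed phishing sample: look-alike sender domain, mismatched Reply-To,
# a link whose visible text hides its real target, and a macro-enabled attachment.
SAMPLE_EML = b"""From: "Grid Operations Billing" <billing@example-utility-payments.net>
Reply-To: collections@attacker.example
To: ops@example-utility.com
Subject: Overdue invoice - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset="utf-8"

<html><body>Please review the attached invoice or pay online at
<a href="http://login.attacker.example/pay">https://portal.example-utility.com/pay</a>.
</body></html>
--XYZ
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--XYZ--
"""

# Constructed benign sample: same organisation everywhere, no attachment.
CLEAN_EML = b"""From: "Grid Operations Billing" <billing@example-utility.com>
To: ops@example-utility.com
Subject: Monthly statement
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>Your statement is available at
<a href="https://portal.example-utility.com/statements">https://portal.example-utility.com/statements</a>.
</body></html>
"""


def registered_domain(host: str) -> str:
    """Crude registrable-domain guess (last two labels). Assumption for the
    example; production code should use the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def addr_domain(header_value) -> str:
    """Domain of the mailbox in a From/Reply-To header, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw: bytes) -> list[tuple[str, str]]:
    """Return (rule, detail) findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Reply-To routed to a different organisation than the visible sender.
    from_dom, reply_dom = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    if reply_dom and registered_domain(reply_dom) != registered_domain(from_dom):
        findings.append(("reply-to-mismatch", f"{from_dom} -> {reply_dom}"))

    # 2. Attachment types that commonly carry droppers. Matching on the name is
    #    only a first pass: a real filter also inspects content, since names lie.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(("risky-attachment", name))

    # 3. Links whose anchor text is a URL on one domain while href goes elsewhere.
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    for href, text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()
        if not LOOKS_LIKE_URL_RE.fullmatch(text):
            continue  # plain words as link text: nothing to compare against
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        real = urlparse(href).hostname or ""
        if registered_domain(shown) != registered_domain(real):
            findings.append(("link-mismatch", f"shows {shown}, goes to {real}"))
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_EML), ("clean", CLEAN_EML)):
        print(label, triage(raw))
```

None of these rules is conclusive on its own (legitimate bulk mailers also set a foreign Reply-To), which is why a gateway scores them together and why the attachment check should be followed by content inspection or detonation rather than trusting the file name.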

Why is ransomware used?

An abrupt stop to your operations is likely to be catastrophic, and for a utility the consequences reach beyond lost revenue to the customers who depend on the service. Without access to your digital assets and systems your business cannot move forward, and cybercriminals know this.

Cybercriminals use ransomware because they know it works. The ROI on ransomware makes the attacks worthwhile to the cybercriminal, and some businesses do pay the ransom to avoid a complete stoppage of work.

When should I be on the lookout for a ransomware attack?

The answer is always. Campaigns run continuously, and the next one will not be announced. Too often cybersecurity is taken seriously only after a business has faced a complete stoppage from a ransomware attack. Ransomware is an expensive lesson.

How can energy and utility companies protect themselves from falling prey to ransomware?

You do have to continue with your critically important business. And, protecting your business from ransomware attacks should not force you to go back to analog methods of business. The digital age marches on, even with cybercriminals in our midst.

Some simple ways to help protect your company from ransomware attacks include:

  • Email management. Ransomware is primarily delivered via phishing. Use a filtering tool or service that blocks known-malicious links and strips or sandboxes risky attachments, and make it easy for staff to report suspicious messages.
  • Patch management. Ransomware operators exploit known vulnerabilities in common software, such as browsers and productivity applications, to run code when a user opens a file or visits a website, and vulnerabilities in internet-facing services to get in with no user action at all. Keep the software your business uses up to date and keep updating, because vendors patch constantly. For OT equipment that cannot be patched promptly, isolate it from the corporate network and tightly restrict who and what can reach it.
  • Anti-malware tools. Deploy endpoint protection across the business to scan for malware and block its installation and execution.
  • Backups. Use the 3-2-1 rule:
    • 3: Keep three copies of your data: the original and two backups
    • 2: Store the copies on two different types of media, so a single failure mode does not take out both
    • 1: Keep one copy offsite, so a fire, flood or other site-wide event does not destroy every copy
    • Bonus: Back up your most important assets daily

Two caveats on backups. Ransomware operators deliberately delete or encrypt any backup they can reach before triggering the ransom screen, so at least one copy must be offline or immutable, not writable from the production network. And a backup is only as good as its last successful restore, so test restores regularly and verify that the restored files match what was originally written.
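The 3-2-1 rule says how many copies to keep and where, but not how to know that a copy is still trustworthy after an intrusion. The following is an added example, not code from the original article, that carries the rule through to the two checks a practitioner wants: a checksum manifest that detects a copy whose contents were silently changed, and a restore test run against the offsite copy. The three destinations are temporary directories standing in for (assumed) local disk, a NAS and offsite storage so the script runs anywhere; the sample files and the simulated encryption of one on-site copy are constructed for the example.

```python
"""3-2-1 backup with an integrity manifest and a restore test.

Added example, not code from the original article. The destinations are
temporary directories standing in for local disk, NAS and offsite storage;
the sample data and the simulated ransomware damage are constructed.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup_321(source: Path, targets: list[Path]) -> dict[str, str]:
    """Copy source into each of exactly three targets (two on-site media and
    one offsite) and write the checksum manifest beside each copy.
    Caveat: a manifest stored next to the data can be rewritten by the same
    attacker; keep a copy of it on the offline/immutable target too."""
    if len(targets) != 3:
        raise ValueError("3-2-1 needs exactly three destinations")
    m = manifest(source)
    for t in targets:
        dest = t / "data"
        if dest.exists():
            shutil.rmtree(dest)
        shutil.copytree(source, dest)
        (t / "manifest.json").write_text(json.dumps(m, indent=1))
    return m


def verify(target: Path) -> list[str]:
    """Relative paths whose content no longer matches the manifest; a file
    that is missing or renamed counts as bad. Empty list means intact."""
    expected = json.loads((target / "manifest.json").read_text())
    actual = manifest(target / "data")
    return sorted(p for p in expected if actual.get(p) != expected[p])


def restore_test(target: Path, scratch: Path) -> bool:
    """Restore the copy into scratch and confirm it matches its manifest.
    A backup that has never been restored is only a hope."""
    if (scratch / "data").exists():
        shutil.rmtree(scratch / "data")
    shutil.copytree(target / "data", scratch / "data")
    shutil.copy(target / "manifest.json", scratch / "manifest.json")
    return verify(scratch) == []


def demo() -> dict:
    """Run the full cycle on constructed data, then simulate ransomware
    hitting the network-reachable on-site copy and report which copies
    remain trustworthy and whether the offsite copy actually restores."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "scada-config"
        (src / "rtu").mkdir(parents=True)
        (src / "rtu" / "substation-12.cfg").write_text("breaker=CLOSED\n")
        (src / "historian.csv").write_text("ts,MW\n2021-06-01T00:00Z,412\n")

        media_a, media_b, offsite = tmp / "disk-array", tmp / "nas", tmp / "offsite"
        for t in (media_a, media_b, offsite):
            t.mkdir()
        backup_321(src, [media_a, media_b, offsite])

        # Simulated encryptor on the NAS copy: content replaced, file renamed.
        victim = media_b / "data" / "historian.csv"
        victim.write_bytes(b"\x00ENCRYPTED\x00")
        victim.rename(victim.parent / "historian.csv.locked")

        return {
            "disk_array_bad": verify(media_a),
            "nas_bad": verify(media_b),
            "offsite_bad": verify(offsite),
            "offsite_restores": restore_test(offsite, tmp / "restore-scratch"),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The verification step is what turns "we have three copies" into "we have three copies we can trust": the damaged NAS copy is reported as bad before anyone tries to restore from it, and the restore test proves the offsite copy is usable rather than assuming it. In production the offsite target would be offline media or object storage with an immutability lock, so that the simulated step here cannot happen to it.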

Ransomware is clearly a reason for the energy and utilities industries to take cybersecurity more seriously. For the sector that may mean creating new roles to fill the gaps between the business-risk and IT functions, additional compliance and regulatory requirements, and in general a larger budget for cybersecurity.

If your company lacks cybersecurity expertise at this time, you may look at hiring trusted and experienced consultants to help.

Take control by proactively making your company a place that cybercriminals do not want to visit.


Copyright © 2021 IDG Communications, Inc.