There is an increased focus on cybersecurity among governments and energy and utilities organizations worldwide, and for good reason. Attacks on critical infrastructure such as fuel, electricity and drinking water carry the potential for damage far beyond their economic impact. As demonstrated by incidents such as the notorious shutdown of several Iranian nuclear centrifuges by Stuxnet in 2010, and the Shamoon malware attacks in November 2016 and January 2017 against Gulf state organizations, the stakes for energy and utilities companies are higher than ever. The health and welfare of whole nations could potentially be at risk.

Attackers Set Their Sights on Industrial Control Systems

A great many industrial control system (ICS) configurations, including SCADA systems, distributed control systems (DCS) and programmable logic controllers (PLCs), are operating in the energy and utilities industry. In December, IBM X-Force Threat Research reported that attacks targeting ICS systems increased by more than 110 percent in 2016. At midyear 2017, attacks are projected to equal or possibly surpass the volume observed in 2016.

Source: IBM Managed Security Services data, Jan. 1, 2013 to July 15, 2017.

The Who and the How

In the energy and utilities sector, IBM Managed Security Services (MSS) 2016 data revealed that unintentional and malicious attacks were made up of 60 percent outsiders and 40 percent insiders. Within the insider group, there were more inadvertent actors (24 percent) than malicious insiders (16 percent).

Source: IBM Managed Security Services data, Jan. 1 to Dec. 31, 2016.

IBM MSS analysis of 2016 data also revealed that the top attack vector, which involved the use of malicious input data to attempt to control or disrupt a system, targeted 60 percent of the energy and utilities clients monitored by IBM X-Force. That figure was notably higher than the 42 percent average across all industries.

Source: IBM Managed Security Services data, Jan. 1 to Dec. 31, 2016.

More Resources for Energy and Utilities Companies

From network break-ins to ransomware to seizing control systems, attacks against energy and utilities companies are on the rise. A proper assessment of information security risk is critical to the effective direction of your IT investment, critical assets and utilization of resources.

Refer to the IBM report, “Energy and Utility Companies: Targeted on All Sides,” for recommendations to consider when making strategic decisions to help safeguard your business.

Read the complete Report: Energy and Utility Companies — Targeted on all sides