How Threat Intelligence Helps the Energy Sector Fight Cyberespionage
August 13, 2019 • The Recorded Future Team
When it comes to cyber threats, some industries have it harder than others. Few are as heavily targeted by sophisticated cyberattacks as the energy sector.
Over the last decade, state-sponsored hacking groups have routinely targeted utility networks and other energy providers for the purposes of espionage and disruption. And according to the latest research, advanced persistent threat (APT) group attacks against critical infrastructure are still going strong.
Outages are merely annoying for many industries, but in the energy sector — which provides power to millions of household customers, public services, military functions, hospitals, and others — service outages are much more critical. Securing companies in the energy sector is growing more difficult with each passing year.
Energy companies have extremely large and complex network environments and are increasingly employing connected internet of things (IoT), operational technology (OT), and industrial control system (ICS) devices to improve efficiency and unlock new business models. An unfortunate side effect of this innovation is the effect it has on security — more connected devices mean a larger attack surface with more entry points.
In this article, we’ll take a closer look at cyber threats facing the energy sector, and how energy companies can use threat intelligence to enhance their security programs and control cyber risk.
The Espionage Arms Race
As we’ve already seen, there are plenty of reasons for advanced threat groups to target energy companies. So it’s hardly surprising that many companies in the energy sector have already experienced serious breaches.
And if you’re wondering why you haven’t heard about more of them in the news, the answer is simple. Most are never reported publicly because the companies — and in many cases, their governments — don’t want to draw attention to them. With that said, there has been plenty of industry (and even media) attention on the problem as a whole. According to recent reports, some of the most prolific and advanced threat groups focused on the energy sector include:
In general, campaigns by these groups have been focused on espionage and disruption. Going forward, as companies continue to invest in R&D for alternative energy production projects, the sector can expect even more espionage-incentivized attacks as nation-states vie for energy security. Naturally, all this cyber activity doesn’t come without its costs.
According to Ponemon’s 2018 Cost of Data Breach Study, it takes the average energy company 150 days to detect a data breach, and a further 72 days to contain it. That places the energy sector second only to financial services for its ability to identify and contain breaches.
In terms of impact, data breaches cost energy companies around $167 per record. Unsurprisingly, regulatory fines tend to make up a large portion of these costs, although repair and remediation costs can also be significant. There’s a further, hidden cost, of course — churn rate. Following a data breach, energy companies lose 3% of their customers to competitors.
Threat Intelligence for the Energy Sector
Protecting an organization from cyber threats is never an easy task. Security professionals at large organizations routinely receive millions of threat alerts per day, which is enough to overwhelm even the most well-provisioned teams. On top of that, security teams at energy companies also have to combat some of the most sophisticated attacks (and attackers) the world has to offer.
This is where threat intelligence comes in: it helps security teams in the energy sector prioritize their time and resources based on the activities that will have the greatest impact on real-world cyber risk.
Common use cases include:
- Vulnerability Management: Energy companies typically have extremely large and complex network architectures to defend. To do this properly, they must be able to accurately identify and patch the most dangerous vulnerabilities first. Threat intelligence helps security teams prioritize and patch vulnerabilities based on the actual level of risk they pose to the organization.
- Better Asset Allocation: Unsurprisingly, energy companies tend to allocate a greater proportion of resources to security than companies in other industries. But even in the energy sector, security resources are far from infinite, and security leaders must find a way to allocate them based on which initiatives will have the greatest impact on cyber risk. Threat intelligence helps security leaders in the energy sector measure the maturity of their programs objectively based on what’s happening in their threat landscape right now. As a result, they make better decisions about where and how to invest resources.
- Proactive Security Measures: In an industry that’s as heavily attacked as the energy sector, proactive security measures are essential. This usually involves penetration testing (of networks, applications, websites, hardware, and so on), red teaming, internal hunting, and other similar processes.

  But proactive security measures can easily get sidetracked and end up focusing on theoretical possibilities instead of the techniques that are being used in the real world. Real-time threat intelligence helps security teams focus their efforts on the assets and systems most likely to be attacked, using the techniques most likely to be employed by real-world threat groups.
Active Defense Against State-Sponsored Attackers
As the international “arms race” for new and better energy sources, technologies, and infrastructure heats up, energy and utility companies will continue to be faced with an onslaught of sophisticated cyberattacks.
Threat intelligence helps companies in the energy sector make better decisions about how and where to invest security resources to maximally reduce cyber risk. In particular, it enables security teams to proactively harden infrastructure and security technologies in the areas most likely to be targeted.
If your organization isn’t currently using threat intelligence, here’s an easy way to get started: Sign up for our free Cyber Daily newsletter, and you’ll receive the top cyber security intelligence direct to your inbox each morning. That includes:
- Top targeted industries
- Most active threat actors
- Most exploited vulnerabilities
- Trending malware
- The latest suspicious IPs
- And much more
Subscribe today and use this intelligence to keep your organization — and your customers’ data — safe from cyber threats.