t cht lk ransom , because these organisations understand that in the energy sector , continued operations are critical . Victims may feel obligated to stop all systems as fast as possible and even pay a ransom .
Phil Tonkin , Senior Director of Strategy at Dragos
Ransomware has been intensifying but there are new and additional threat events in an environment that is becoming increasingly digitised . These range from attempts to steal customers ’ data from those organisations , all the way through to adversaries who may try to switch off the power supply .
What are the aims of threat actors targeting organisations in this sector ?
The aims of different actors are variable . It is a complex and expensive thing to plan and initiate a targeted attack against an energy organisation . Often the aim is to somehow extort some sort of financial benefit from organisations .
It could be the payment of a ransom or that they ’ ve been paid by a different group to gain access into those environments . In a few cases , they ’ re looking for the kudos of having accessed those spaces . Some may just be trying to cause disruption out of protest . There are other reasons why somebody may want to get into these environments but in the majority of cases , it is criminal groups trying to get access into the environment to gain some sort of financial benefit .
What are the bigger implications on the organisation as a result of a successful attack ?
The ramifications for energy companies as a result of an attack are far-reaching . The first consideration of most energy companies is providing their commodity to customers . Whether that ’ s gas and oil or electricity , these commodities are vital to society . The number one concern of most organisations is making sure that that supply of energy reaches the customers that need it because of its importance in civilisation .
Other considerations are around how those businesses operate . Quite often , there are financial considerations , whether it ’ s an immediate financial impact through the loss of supply , the inability to
Ransomware has been intensifying but there are new and additional threat events in an environment that is becoming increasingly digitised .
bill for the energy that is supplied or the impact it makes on the reputation of the company , which has a knock-on to its value . These are very widespread consequences that come from these events and it can often be very difficult for an organisation to measure the impact .
What are the tools and technologies that organisations need to protect against these threats ?
For many energy companies , the best form of defence is a secure perimeter – having really good visibility and an understanding of how actors may try to get into their environment . Actors that target energy organisations are persistent and will use multiple techniques and tactics to get through those environments to ultimately achieve their aims , so it ’ s very important to have visibility of those networks to understand the assets you have , how they ’ re connected and how they can be exploited .
Once you have visibility of your network , you can then start to understand the vulnerabilities those assets may have and which ones are important to you . You can identify the assets that have the greatest consequence and put in place the right actions to manage risks within those spaces . One of the increasing capabilities that most organisations need – particularly in the post-pandemic world – is remote access . It ’ s almost impossible for any business to operate without some sort of remote access , even for the most critical organisations .
Having secure tooling that ensures only specific people can access certain environments , and the actions that those people take in that space are appropriately actioned and monitored , is very important , along with Multi-Factor Authentication .
78 INTELLIGENTCIO EUROPE www . intelligentcio . com