By Brett Raybould, EMEA Solutions Architect at Menlo Security
The ransomware attack on Colonial Pipeline, the largest fuel pipeline in the US, has shown just how vulnerable the energy industry is to cyber-attacks. Brett Raybould, EMEA Solutions Architect at Menlo Security, looks at what it takes to keep the lights on.
In threat reports, the energy and utilities sector often tops the list of industries in terms of the number of attacks and cost of remediation.
In its 2021 Cyber Readiness Report, insurer Hiscox gave the energy industry the highest risk score, with an average remediation cost of $35,439 per incident.
Earlier this year, the ransomware attack on Colonial Pipeline, which carries 45% of the East Coast’s supply of diesel, gasoline and jet fuel, sent shockwaves across the industry and around the world. But it is just one of a number of breaches that have impacted critical infrastructure and supply chains over the last 12 months.
While the attack made headlines and led to shortages, it was certainly not the only one to cause disruptions. So what makes this sector particularly vulnerable?
McKinsey & Company has suggested three reasons based on its experience:
- The first is the strategic infrastructure and economic value of this sector. Nation-state actors and hacktivists can cause significant commercial and societal disruption, or use techniques such as ransomware to draw attention to their political agendas. With energy and utility companies under huge pressure to maintain availability of services, they are very likely to pay ransoms. Colonial Pipeline is reported to have paid a $4.4 million ransom.
- Energy and utility companies are often sophisticated and geographically diverse. As a result of the pandemic, a growing portion of the workforce is now working remotely and will continue to do so. Decentralized cyber teams must manage the increased attack surface created by these factors by eliminating threats from the web, documents and email.
- Energy and utility companies often have complex interdependencies between physical and IT infrastructure. Cyber professionals are responsible for managing the risk posed by unique endpoints – from new and innovative digital customer interfaces to a complex assortment of operational technology (OT) – all of which can be possible points of vulnerability.
If they are to defend themselves against an increasing number of attacks, companies must mobilize their capabilities to proactively prevent users, data and applications from providing an easy first point of entry for attackers – whatever their motivation.
To achieve this, security professionals are exploring strategic approaches, such as Zero Trust and Secure Access Service Edge, or SASE, and deploying solutions that create an ‘air gap’ between the user and the Internet, such as secure web gateways powered by isolation.
Isolation ensures no entity can connect directly to an organisation’s devices as the first step of an attack, even if a user clicks on a malicious link or downloads a suspicious document.
Helping energy companies
Gösgen Nuclear Power Plant in Switzerland is one of the many organizations we work with in this sector, supporting the cybersecurity team to reduce their cyber risk level while promoting employee productivity. This is a common balancing act for security teams who need to provide employees with Internet access without putting the organization at risk.
A homegrown isolation solution was already deployed and proved very effective at shutting down malware access to endpoints, but it was hard to maintain and could impact essential user productivity.
Now employees of the Gösgen Nuclear Power Plant and some of their strategic supply chain partners have been surfing productively via our isolation-powered secure web gateway.
Gösgen’s IT Security Officer, Francois Gasser, and his team are confident that no malicious code can reach endpoints, so they now allow employee access to websites that were previously blocked. We’ve also helped reduce manual administration and improve productivity for the team by generating exceptions directly from log files to speed time to resolution.
Taking action on ransomware
For energy and utility organizations, the race is on to establish a prevention-based approach to cybersecurity, rather than relying on legacy detect-and-respond approaches that have resulted in significant losses for businesses.
For many, this means a Zero Trust approach to security – which creates an air gap and assumes that no traffic should be trusted – is high on their agenda. Zero Trust includes browser-based Internet traffic, as well as content within every email and document attachment.
But Zero Trust must also work at speed and scale, making the legacy on-premises, appliance-based proxies that conduct standard URL filtering and sandboxing just too laborious and inflexible to stop the real threat of ransomware in its tracks. This is where isolation comes in.
Other organizations in the energy and utilities sector are deploying solutions to prevent malicious code from ever reaching the network perimeter, mobilizing isolation-powered cloud security to shut the door on malware for good and significantly reducing operational and commercial risk.
Detection should always play a role in a layered cybersecurity strategy, but focusing on a proactive, pragmatic prevention strategy gives the business, employees and partners the security they need to avoid ransomware and other sophisticated forms of attack – and, ultimately, make sure the lights don’t go out.
About the Author
Brett Raybould is EMEA Solutions Architect at Menlo Security, a leader in cloud security. In this role, he is responsible for technical sales, product demonstrations, installations, solution proposals and evaluations. Brett joined Menlo Security in 2016 and discovered how Isolation technology provides a new approach to solving the problems that detection-based systems continue to struggle with. Passionate about security, Brett has worked for over 15 years for some of the leading vendors specialising in the detection of inbound threats across web and email, and data loss prevention (DLP) including FireEye and Websense. He has represented Menlo Security as a speaker at industry events, including e-Crime & Cybersecurity Congress and Cloud Security Expo.