The energy sector is a target of choice for hackers, as data on attacks from recent months shows. In fact, cyber attacks on the energy sector increased by 33% between June and August. Even before that, however, energy was the sector with the highest data breach costs. It is a trend destined to grow.
Once again, this is a number with a direct impact on people's lives, as the related costs will be passed on to bills, along with the more general increase in global costs. At the same time, however, the risk also concerns the provision of the service itself, which could be interrupted or suspended. This general situation of instability and insecurity offers fertile ground for cybercriminals, who could directly target people by leveraging anxieties and the continuous search for savings, thus luring unsuspecting users into real digital traps designed to steal personal data.
A global threat.
The situation is critical globally. In France, one of the most important companies operating in the energy sector has raised the alert level for the prevention of cyber attacks. Companies such as the Lithuanian Ignitis, the English Fulcrum or the Greek DESFA, among the main suppliers of natural gas in the country, have already been hit by cyber threats. In July of this year, Ignitis was hit by what has been called the largest cyber attack of the last decade, with a series of DDoS attacks that resulted in the suspension of some services. In August, DESFA also stated that it was hit by a ransomware attack that would fall under what is known as "double extortion": the cybercriminals who claimed responsibility for the attack also threatened the publication of hundreds of GB of stolen data.
The weakness of suppliers.
One particularly fragile point is the supply chain, made up of the small and medium-sized enterprises that gravitate around the big energy giants. The giants have resources and skills for cyber security, which is not always the case for smaller companies, which thus become the preferred access route for breaching the IT systems of the main companies. While large companies can implement effective strategies to prevent and manage attacks, they may have more difficulty monitoring the entire supply chain, creating access points that criminals can more easily exploit.
At the European level there is a plan for the defense of strategic infrastructures, which was updated a few months ago with the NIS2 directive, which expands the previous criteria with regard to critical infrastructures. While large corporations are involved, small businesses are virtually excluded unless they are directly involved in providing essential services or operate in particular key sectors. According to experts, government guidelines would be needed to prevent cybercriminals from accessing the systems of a company that follows the directive through the vulnerabilities found in small suppliers, which too often lack both adequate resources and technologies.