There is an increased focus on cybersecurity among governments and energy and utilities organizations worldwide, and for good reason. Attacks on critical infrastructure such as fuel, electricity and drinking water carry the potential for damage far beyond their economic impact. As demonstrated by incidents such as the notorious shutdown of several Iranian nuclear centrifuges by Stuxnet in 2010, and the Shamoon malware attacks in November 2016 and January 2017 against Gulf state organizations, the stakes for energy and utilities companies are higher than ever. The health and welfare of whole nations could potentially be at risk.

Attackers Set Their Sights on Industrial Control Systems

A great many industrial control system (ICS) configurations, including SCADA systems, distributed control systems (DCS) and programmable logic controllers (PLCs), are operating in the energy and utilities industry. In December, IBM X-Force Threat Research reported that attacks targeting ICS systems increased by more than 110 percent in 2016. At midyear 2017, attacks are projected to equal or possibly surpass the volume observed in 2016.


Source: IBM Managed Security Services data, Jan. 1, 2013 to July 15, 2017.

The Who and the How

In the energy and utilities sector, IBM Managed Security Services (MSS) 2016 data revealed that unintentional and malicious attacks were made up of 60 percent outsiders and 40 percent insiders. Within the insider group, there were more inadvertent actors (24 percent) than malicious insiders (16 percent).


Source: IBM Managed Security Services data, Jan. 1 to Dec. 31, 2016.

IBM MSS analysis of 2016 data also revealed that the top attack vector, which involved the use of malicious input data to attempt to control or disrupt a system, targeted 60 percent of the energy and utilities clients monitored by IBM X-Force. That figure was notably higher than the 42 percent average across all industries.


Source: IBM Managed Security Services data, Jan. 1 to Dec. 31, 2016.

More Resources for Energy and Utilities Companies

From network break-ins to ransomware to seizing control systems, attacks against energy and utilities companies are on the rise. A proper assessment of information security risk is critical to the effective direction of your IT investment, critical assets and utilization of resources.

Refer to the IBM report, “Energy and Utility Companies: Targeted on All Sides,” for recommendations to consider when making strategic decisions to help safeguard your business.

Read the complete Report: Energy and Utility Companies — Targeted on all sides

More from Energy & Utility

Water facilities warned to improve cybersecurity

3 min read - United States water facilities, which include 150,000 public water systems, have become an increasingly high-risk target for cyber criminals in recent years. This rising threat has demanded more attention and policies focused on improving cybersecurity.Water and wastewater systems are one of the 16 critical infrastructures in the U.S. The definition for inclusion in this category is that the industry must be so crucial to the United States that “the incapacity or destruction of such systems and assets would have a…

The UK energy sector faces an expanding OT threat landscape

3 min read - Critical infrastructure is under attack in almost every country, but especially in the United Kingdom. The UK was the most attacked country in Europe, which is already the region most impacted by cyber incidents. The energy industry is taking the brunt of those cyberattacks, according to IBM’s X-Force Threat Intelligence Index 2024.The energy sector is a favorite target for threat actors. The complexity of systems and the reliance on legacy OT systems make them easy prey. Because of the critical…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today