How the energy industry can defend against increasing ransomware attacks?

By James Derbyshire, browser isolation expert at Garrison

Critical infrastructure businesses have faced a barrage of ransomware attacks in recent years. Research shows that in 2022, the energy sector was the top target industry for cybercriminals for the second time in a row – accounting for 16% of all incidents.

Ransomware works by encrypting data on a device or within a wider network, making the files and systems inaccessible until a ransom is paid. Over the past 10 years, these attacks have increased in frequency, complexity and threat level – they are harder to detect and potentially more damaging once they enter a network. They can severely disrupt business operations and severely limit an energy company’s ability to deliver critical services.

One of the most infamous ransomware attacks was on the Colonial Pipeline in 2021, which disrupted fuel supplies for around 50 million people and led to fuel shortages, fuel price rises and cancelled flights across the US East Coast. The incident led to Colonial handing over a reported $5 million ransom to the Russian based cyber gang behind the attack, but the full financial impact is estimated to be far greater.

Web browser vulnerability

Energy companies are popular ransomware targets due to the significant disruption that can be caused and also due to the exploitable vulnerabilities. At the same time, the attack surface of many companies has increased due to factors that range from increasingly distributed power networks to a growth in the use of smart meters in consumer homes.

Arguably the biggest threat vector within the energy sector is the trusted web browser. This is the starting point for almost every business activity – providing access to trusted online systems and cloud services, and also the wider internet.

The browser enables employees to easily authorise almost any website to send, install and run programmes on their machine, despite usually having a lack of knowledge about the website’s true owner or their security practices. The site may be run by a threat actor, or may have been compromised by an attacker, meaning that a seemingly innocuous link clicked could contain the ransomware that upends critical operations and causes significant financial loss to the company.

Why common security approaches don’t work

The majority of ransomware attacks use social engineering techniques, such as phishing emails, which trick employees into unknowingly allowing the malware in. Malware can then go undetected in a network for a significant period of time until the threat actor decides how to use the company’s data.

This is why companies across industries, including the energy sector, have invested heavily in employee training. However, this approach to security doesn’t work since the sophistication of these attacks means that they often appear legitimate, even to the most knowledgeable of employees. No amount of employee training can ensure that staff never click on compromised links.

Many organisations also rely on tools that identify and respond to malware. However, this too is a flawed approach. Firstly, these technologies don’t stop the malware from entering a business network – all they do is detect it once it has successfully found a route in. And secondly, these tools are powerless against zero-day attacks – they only protect against behaviour that is already known to be suspicious.

Stepping up security

Browser Isolation is a solution that is growing in popularity amongst security-conscious businesses. Rather than relying on detection or on controlling employee behaviour, Browser Isolation works by creating an impermeable buffer between the employee’s device and the internet. The result is that employees can click any link or visit any website without the risk of ransomware infiltration.

Browser Isolation applies a technique called ‘Pixel Pushing’ which converts the browsed web page into a safe, interactive video stream. It does this while ensuring that the user’s web experience remains the same – employees can browse the internet, send emails, watch videos and plenty more besides, exactly as they did before.

Redesigning security approaches

Last year ransomware attacks increased by 80% – an upwards trend that shows no sign of slowing.

Reconsidering security strategies to effectively protect against potentially debilitating ransomware attacks needs to be a critical component of any resilience planning activity for energy sector businesses.

A partial defence is no longer an adequate defence.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

How the energy industry can defend against increasing ransomware attacks?

Related Posts

Energy intense industries must revaluate energy models to avoid grid resilience cliff edge, report finds

SP Energy Networks to deliver real-time digital model of its network

Rinnai – Instantaneous electric water heaters in 21, 24 & 27kW coming soon

Greenhouse Gas Protocol must unlock higher-impact opportunities in emerging markets

Digital Issue