Shielding the lifelines: Protecting energy and infrastructure from cyber threats
The energy and infrastructure sectors serve as the backbone of global stability and economic health, underpinning nearly all facets of modern society. As such, the integrity and reliability of these systems are paramount, and failure to maintain their uptime could lead to unprecedented disruptions in daily life. This reality underscores the pressing need to safeguard these sectors from evolving cybersecurity threats.
However, the very importance of energy and infrastructure makes them prime targets for cybercriminals. The surge in sophisticated email-based attacks, such as business email compromise (BEC) and vendor email compromise (VEC), poses a significant risk. These cyber tactics, often characterized by deceptive social engineering and the absence of traditional threat indicators, allow attackers to bypass conventional security measures easily. Understanding these attacks is the first step towards developing robust defenses against them.
The rising tide of email-based cyber threats
VEC and BEC attacks represent significant threats due to their exploitation of the human element of cybersecurity. Using social engineering tactics, these attacks pose as legitimate communications from trusted identities, in turn manipulating recipients into making unauthorized transactions or revealing confidential information. While BEC attacks typically involve the impersonation of internal employees, VEC attacks hijack relationships with external entities such as partners and suppliers.
Due to its intricate supply chain networks and reliance on third-party vendors, the energy and infrastructure sector is a prime target for VEC attacks. Recent data indicates that 65 percent of organizations in this sector experienced at least one VEC attempt from February 2023 through to January 2024, a rate surpassing that of the healthcare, finance, and technology sectors.
Adding to the problem, BEC attacks against the energy and infrastructure sector are also escalating. Our analysis reveals an 18 percent increase in the frequency of these attacks over a six-month period, culminating in a notable spike in early January. Such statistics underscore the urgent need for enhanced vigilance and advanced cybersecurity measures -- however, there are certain limitations around traditional defenses when it comes to effectively blocking these attacks.
The challenges of current cybersecurity measures
The evolving sophistication of VEC and BEC presents new challenges for legacy email security solutions, including secure email gateways (SEGs). That’s because SEGs were designed to detect known threat signatures, like malicious links, attachments, and bad sender domains. But today’s cybercriminals are savvy – they have quickly figured out how to evade detection by these tools simply by sending text-based, socially-engineered emails that omit traditional indicators of compromise and appear to be legitimate. As a result, modern email attacks are increasingly bypassing SEG solutions and landing in employee inboxes, putting organizations at risk.
Furthermore, the proliferation of generative AI technologies like ChatGPT -- and even malicious versions like FraudGPT and WormGPT -- has exacerbated the situation, enabling attackers to scale these attacks and craft larger volumes of even more convincing and hard-to-detect phishing attempts. Using generative AI, it’s easier than ever for cybercriminals to write email attacks that use relevant context, are free of spelling and grammatical errors, and can even be personalized to their targets -- which also means that the "poor spelling and grammar" cue that awareness training has long relied on is becoming unreliable.
This shift in cybercriminal tactics underscores the need for more advanced cybersecurity solutions that go beyond conventional detection methods, highlighting the importance of innovation in safeguarding these vital industries against the growing wave of cyber threats.
The future of cybersecurity in the energy and infrastructure sector
The resilience of the energy and infrastructure sectors in the face of cyber threats hinges on a layered defense strategy, including both human- and technology-based detection.
Recognizing the workforce as the frontline defense, security teams must ensure employees are equipped with the necessary skills and knowledge to protect the organization effectively. Up-to-date training on the latest cyber threats enables staff to swiftly identify the hallmarks of traditional email attacks such as urgent requests for sensitive information, poor spelling and grammar, and malicious links. Knowing how to recognize and report suspected phishing attacks is key.
However, as these attacks become increasingly sophisticated -- including through the use of generative AI -- they are only getting harder to spot by the human eye, which makes augmenting awareness programs with advanced technology-based detection strategies critical. As cybercriminals employ increasingly sophisticated techniques to craft seemingly authentic emails, security teams will need to lean into solutions that are capable of detecting complex, socially-engineered attacks. Solutions that leverage defensive AI, for instance, are emerging as an effective alternative to traditional SEGs.
The role of AI in modern cybersecurity
Unlike SEGs, which look for known-bad indicators, AI-based solutions are designed to discern and baseline 'known-good' behaviors, thereby identifying and flagging any deviation that could signal a potential threat.
By ingesting vast arrays of contextual signals from across the email environment -- like users’ typical communication patterns and business relationships -- these solutions can deeply understand the behavior of each identity within the organization. With that baseline, advanced AI models can then detect malicious anomalies, including suspicious senders or unusual changes in communication. This means that organizations can identify and remediate sophisticated email threats even as attackers evolve their strategies and deploy novel, never-before-seen tactics.
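The following is an added, deliberately simplified illustration of the baseline-and-deviate idea described above; it is not Abnormal Security's detection logic or any product's code. It learns known-good sender/recipient relationships, display-name-to-address mappings and vendor domains from a small constructed mail history, then scores new messages for the kinds of deviations a VEC or BEC attempt produces: a first-time contact, a trusted display name arriving from an unknown address, a lookalike vendor domain, a Reply-To pointing somewhere else, and payment-change or urgency language. All addresses, domains, patterns and the "two or more signals" threshold are assumptions chosen for the example.

```python
"""Toy behavioral email baseline: learn known-good relationships, flag deviations."""
from collections import defaultdict
from dataclasses import dataclass
import re

# Assumed patterns for this example; real detectors use far richer features.
PAYMENT_CHANGE = re.compile(
    r"\b(bank|account|wire|routing|iban)\b.*\b(updat|chang|new)\w*", re.I | re.S)
URGENCY = re.compile(r"\b(urgent|immediately|today|asap)\b", re.I)


@dataclass(frozen=True)
class Email:
    sender: str        # From address
    display_name: str  # From display name
    recipient: str
    reply_to: str      # equals sender when no Reply-To header is present
    subject: str
    body: str


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (e.g. pipes vs plpes)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class Baseline:
    """Known-good model built from historical mail; scoring reports deviations."""

    def __init__(self) -> None:
        self.pairs: set[tuple[str, str]] = set()           # (sender, recipient) seen before
        self.addrs_for_name: dict[str, set[str]] = defaultdict(set)  # display name -> addresses
        self.domains: set[str] = set()                     # vendor domains seen before

    def learn(self, history: list[Email]) -> None:
        for m in history:
            self.pairs.add((m.sender.lower(), m.recipient.lower()))
            self.addrs_for_name[m.display_name.lower()].add(m.sender.lower())
            self.domains.add(domain_of(m.sender))

    def reasons(self, m: Email) -> list[str]:
        out: list[str] = []
        sender, name, sdom = m.sender.lower(), m.display_name.lower(), domain_of(m.sender)
        if (sender, m.recipient.lower()) not in self.pairs:
            out.append("first-contact: sender has never mailed this recipient")
        if name in self.addrs_for_name and sender not in self.addrs_for_name[name]:
            out.append("identity-mismatch: known display name from an unknown address")
        if sdom not in self.domains and any(edit_distance(sdom, d) <= 2 for d in self.domains):
            out.append("lookalike-domain: sender domain nearly matches a trusted vendor domain")
        if domain_of(m.reply_to) != sdom:
            out.append("reply-to-mismatch: replies would go to a different domain")
        text = f"{m.subject}\n{m.body}"
        if PAYMENT_CHANGE.search(text):
            out.append("payment-change: asks to change banking details")
        if URGENCY.search(text):
            out.append("urgency: pressure language")
        return out

    def is_suspicious(self, m: Email, threshold: int = 2) -> bool:
        return len(self.reasons(m)) >= threshold


# Constructed sample history (assumed vendors and addresses, not real traffic).
HISTORY = [
    Email("ap@contoso-pipes.com", "Dana Ruiz", "payables@example-energy.com",
          "ap@contoso-pipes.com", "Invoice 1042", "Invoice 1042 is attached, net 30 as usual."),
    Email("ap@contoso-pipes.com", "Dana Ruiz", "payables@example-energy.com",
          "ap@contoso-pipes.com", "Invoice 1057", "Invoice 1057 attached. Thanks."),
    Email("ops@northgrid-maint.com", "Lee Park", "scada-team@example-energy.com",
          "ops@northgrid-maint.com", "Q3 maintenance window", "Confirming the outage window for Q3."),
]
BASELINE = Baseline()
BASELINE.learn(HISTORY)

# Constructed test messages: a routine invoice, a lookalike-domain impersonation,
# and a message from the genuine vendor mailbox after an account takeover.
LEGIT = Email("ap@contoso-pipes.com", "Dana Ruiz", "payables@example-energy.com",
              "ap@contoso-pipes.com", "Invoice 1063", "Invoice 1063 attached. Thanks.")
VEC_LOOKALIKE = Email("ap@contoso-plpes.com", "Dana Ruiz", "payables@example-energy.com",
                      "dana.ruiz.ap@gmail.com", "URGENT: updated remittance details",
                      "We have changed our bank account. Please update the routing "
                      "information before paying invoice 1063 today.")
VEC_TAKEOVER = Email("ap@contoso-pipes.com", "Dana Ruiz", "payables@example-energy.com",
                     "dana.ruiz.ap@gmail.com", "Updated remittance details",
                     "Our bank account has changed, please update your records and "
                     "wire to the new account.")

if __name__ == "__main__":
    for label, msg in [("legit", LEGIT), ("lookalike", VEC_LOOKALIKE), ("takeover", VEC_TAKEOVER)]:
        print(label, BASELINE.is_suspicious(msg), BASELINE.reasons(msg))
```

The third sample is the case that matters most for VEC: the mail really does come from the vendor's established address, so sender reputation and domain checks pass, and only the Reply-To deviation combined with the payment-change request marks it as anomalous. A real deployment would weight these signals and learn per-relationship norms rather than use a fixed count, but the shape of the decision is the same.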
By catching the attacks that humans and traditional solutions miss, this behavioral AI approach reduces the business downtime that a successful compromise can cause, which is crucial in the energy sector. Considering that interrupted service can have devastating impacts on people’s daily lives, limiting this downtime helps ensure smooth functioning of not just the business but also society as a whole.
Nonetheless, even the most rigorous training and state-of-the-art technology may not be infallible. Organizations must, therefore, continue to bolster their defenses with foundational security measures like robust password management policies and multifactor authentication (preferably phishing-resistant methods, since code- and push-based MFA can itself be socially engineered) to mitigate the risk of breaches. Implementing systems capable of flagging potentially compromised accounts for immediate remediation actions is also crucial, since a hijacked internal or vendor mailbox is the starting point for many BEC and VEC campaigns.
Strengthening cybersecurity in the energy sector requires a paradigm shift towards proactive, intelligent defense mechanisms. Deploying AI-driven solutions that vastly improve the detection of sophisticated email threats, along with foundational security measures and a culture of employee vigilance, will be vital in safeguarding our critical infrastructure against the ever-evolving landscape of cyber threats.
Mike Britton is CISO at Abnormal Security