SECURITY

A stark new report from cybersecurity platform KnowBe4 has laid bare the escalating cyberthreats facing Europe’ s vital energy sector.

he research, titled Could Cyberattacks Turn the Lights Off in

Europe?, reveals a disturbing trend: cyberattacks targeting the energy and utilities industry more than doubled between 2020 and 2022.

The surge highlights the growing vulnerability of critical infrastructure and how increased sustainability goals are simultaneously expanding the attack surface for malicious actors as Europe transitions towards renewable energy sources and embraces Digital Transformation.

The increasing reliance on interconnected digital technologies, coupled with heightened geopolitical tensions and the sophistication of modern cyberthreat actors, is creating a precarious environment where the stability of Europe’ s power infrastructure is increasingly at risk.

Concerning findings

The report’ s findings paint an alarming picture of the current European cybersecurity landscape within the energy sector. A key statistic reveals that in 2023, the energy sector reported three times more operational technology( OT) and industrial control system( ICS) cyberincidents compared to any other industry. Phishing emerged as the initial attack vector in a significant 34 % of these incidents, highlighting the persistent threat posed by human error.

The UK particularly, has witnessed a dramatic spike in successful reported cyberattacks on its utility companies, soaring by an alarming 586 % between 2022 and 2023. The exponential increase demonstrates the rapidly evolving threat landscape and the potential for significant disruption within national energy grids.

“ The protection of critical infrastructure is paramount, as the research highlights how cyberattacks can cause widespread disruption across the energy sector, impacting everything from power generation to distribution. The need for continuous education, investment in threat detection technologies, and cross-border collaboration to safeguard the continent’ s power infrastructure against escalating cyberthreats has never been more clear.”

However, the data also highlights the significant impact of security awareness training in mitigating human risk, underscoring the crucial role of educating employees to recognise and avoid phishing attempts, a key entry point for many cyberattacks.

A remarkable reduction in phishing susceptibility within large energy organisations, dropping from a concerning 47.8 % to a mere 4 % within a single year following comprehensive training programmes. Small and medium-sized retailers within the energy sector also experienced similar positive outcomes, with phishing susceptibility declining from 29.3 % and 33.3 % to just 3.7 % and 4.2 %, respectively.

Investing in advanced threat detection technologies, encouraging cross-border collaboration for intelligence sharing, and, crucially, implementing comprehensive and continuous security awareness training for all employees are vital steps in safeguarding Europe’ s critical power infrastructure and preventing potentially devastating disruptions.

The report also identifies ransomware and phishing attacks as key culprits behind revenue losses and operational disruptions within the energy sector. These financially motivated attacks are pushing a significant 94 % of energy firms to actively adopt AIdriven cybersecurity solutions in a bid to bolster their defences and proactively identify and mitigate threats.

“ As Europe navigates evolving cyberthreats, the energy sector must take proactive steps to strengthen its cybersecurity defenses,” said Martin Kraemer, Security Awareness Advocate at KnowBe4.

WWW. INTELLIGENTCISO. COM 57