Government agencies, energy companies at risk for infection

Members of the energy sector have been targeted by hackers in recent months.

Accounting for every malware strain that could threaten the integrity of a networked environment would be an exercise in futility, but IT administrators should still be aware of the most current cybersecurity trends in order to better prepare their defenses in the event of an attack. If nothing else, personnel should adhere to fundamental data security best practices, such as maintaining up-to-date network defenses and addressing any software flaws that could be exploited by hackers. Although no industry could ever be considered completely safe from the threat of cybercrime, some sectors have been targeted more heavily in recent months.

A common assumption is that hackers are more likely to target organizations housing rich reserves of lucrative financial information. In practice, however, cybercriminals do not need to be so discerning about which companies they launch attacks against. Any organization, regardless of size or industry, will have some data that can be leveraged for financial gain. For instance, energy companies have a wealth of information that can be of use to hackers beyond credit card numbers and payment records. Sensitive documents could be ransomed or sold to the highest bidder on the black market.

Furthermore, the energy sector presents many opportunities for cybercriminals to engage in sabotage. Many elements of the modern energy infrastructure, from electric grids to natural gas pipelines, are at least partially controlled through a digital networked interface. If hackers were to break through defenses and gain control of these systems, they could conceivably disrupt critical operations with widespread repercussions. The U.S. Department of Homeland Security recently issued a warning to American energy companies that the agency's cybersecurity researchers witnessed an uptick in cybercriminal activity targeting members of the industry

According to government officials, numerous companies in the Midwest and Great Plains were targeted by these assaults, many of which utilized watering-hole tactics in an attempt to infect employees' devices. Although none of the reported attacks were successful, cybersecurity experts stated that they highlighted the need for better data and network protection standards in the energy sector.

"We want to be able to respond to attacks as quickly as possible, but we also want to make sure we put measures in place to prevent these attacks," Lila Kee, a member of the North American Energy Standards Board, said.

Protecting government agencies prioritized
The potential for cybercriminals to launch attacks with the aim to disrupt critical operations has led many U.S. government insiders to fret about the security present at their own agencies. According to a recent cybersecurity study, 60 percent of government employees stated that defending against a malware attack was a high priority within their department. Despite the acknowledgement of cybersecurity as an operational imperative, 47 percent of respondents said their positions required little to no knowledge about preventing malware attacks. 

One of the oft-repeated tenets of cybersecurity is the need to cultivate a security-conscious corporate culture. Every employee is an important component of developing a robust defense against the threat of malware. Without being aware of and adhering to data security best practices, individual staff members often present a considerable liability. Spear-phishing, watering holes and other popular malware tactics specifically target employees in an effort to gain access to the wider network. That is why it is imperative that IT administrators not only stress the need for safer Web browsing habits among workers, but take the proper steps to safeguard critical systems in the event that those directives are ignored. 

A sophisticated system restore and recovery solution can limit the amount of damage caused by a malware program that has been contracted by a negligent employee. By implementing an automated restore feature, IT administrators can ensure that any virus that is downloaded during the course of a user session will be removed when it has ended.

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.