According to new research (registration required) by SecurityScorecard and KPMG, the US energy sector is particularly vulnerable to supply chain attacks, with 45% of security breaches in the past year linked to third-parties.
This compares to a global average of 29% for supply chain breaches across all other industries, while 90% of attacks on energy companies breached more than once involved third parties.
Also notable, 67% of third-party related breaches involved external software and IT providers and 22% involved other energy companies.
The largest contributor to third-party breaches in the energy sector was the exploitation of the MOVEit file transfer software vulnerability in 2023, accounting for 39% of breaches.
“With geopolitical and technology-based threats on the rise, this complex system is facing an equally generational risk exposure that could harm citizens and businesses alike,” Prasanna Govindankutty, Principal, Cyber Security US Sector Leader at KPMG commented.
Emily Phelps, Director, Cyware had this to say:
“The rising threat to the energy sector, particularly from third-party vulnerabilities, underlines the urgent need for a collective defense approach. As cyberattacks increasingly exploit supply chain weaknesses, organizations can no longer afford to operate in silos. Collaboration between trusted companies and industries, alongside the operationalization of threat intelligence, is critical to staying ahead of attackers. By turning intelligence into actionable insights, organizations can identify risks earlier, coordinate defenses, and reduce the time it takes to respond. Proactivity is key – relying solely on reactive measures leaves critical infrastructure and businesses exposed to recurring threats. Only through shared intelligence and coordinated efforts can we address these complex, evolving risks effectively.”
We’re at a point now where every sector needs to ensure that they are taking steps to protect themselves. Because the threat landscape is only growing, which is a bad thing for all of us.
Related
This entry was posted on October 24, 2024 at 8:22 am and is filed under Commentary with tags KPMG, SecurityScorecard. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
45% of energy sector breaches linked to third-parties
According to new research (registration required) by SecurityScorecard and KPMG, the US energy sector is particularly vulnerable to supply chain attacks, with 45% of security breaches in the past year linked to third-parties.
This compares to a global average of 29% for supply chain breaches across all other industries, while 90% of attacks on energy companies breached more than once involved third parties.
Also notable, 67% of third-party related breaches involved external software and IT providers and 22% involved other energy companies.
The largest contributor to third-party breaches in the energy sector was the exploitation of the MOVEit file transfer software vulnerability in 2023, accounting for 39% of breaches.
“With geopolitical and technology-based threats on the rise, this complex system is facing an equally generational risk exposure that could harm citizens and businesses alike,” Prasanna Govindankutty, Principal, Cyber Security US Sector Leader at KPMG commented.
Emily Phelps, Director, Cyware had this to say:
“The rising threat to the energy sector, particularly from third-party vulnerabilities, underlines the urgent need for a collective defense approach. As cyberattacks increasingly exploit supply chain weaknesses, organizations can no longer afford to operate in silos. Collaboration between trusted companies and industries, alongside the operationalization of threat intelligence, is critical to staying ahead of attackers. By turning intelligence into actionable insights, organizations can identify risks earlier, coordinate defenses, and reduce the time it takes to respond. Proactivity is key – relying solely on reactive measures leaves critical infrastructure and businesses exposed to recurring threats. Only through shared intelligence and coordinated efforts can we address these complex, evolving risks effectively.”
We’re at a point now where every sector needs to ensure that they are taking steps to protect themselves. Because the threat landscape is only growing, which is a bad thing for all of us.
Share this:
Like this:
Related
This entry was posted on October 24, 2024 at 8:22 am and is filed under Commentary with tags KPMG, SecurityScorecard. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.