As we move into 2024, the energy industry is entering a new era of cyber threats. Here are the top trends to watch that will surface more cyberattacks through new disclosure requirements and the sophisticated techniques from bad actors that make it absolutely imperative for your team to have a plan in place.
1. Response to Increasing Government Regulations
The SEC implemented new cybersecurity reporting requirements in 2023 for publicly traded companies, aiming to improve transparency and inform investors about potential risks, including disclosure of any material cybersecurity incident within 4 days using form 8-K. Companies must also provide annual disclosures in their Form 10-K regarding their cybersecurity risk management practices, oversight, and incident response plans. Attacks are anticipated to shift and adapt in response to the SEC’s cyber-attack disclosure rule in 2024.
2. Ransomware-as-a-Service
RaaS’s a business model where cybercriminals rent out pre-developed ransomware tools and infrastructure to other attackers, often called affiliates. This disturbing trend is poised to elevate cybercrime and empower less-skilled crime groups.
3. AI and Machine Learning
AI empowers threat actors to automate diverse tasks at scale, from identifying exposed assets like firewalls, VPNs, and remote desktops to effortlessly compile lists of known vulnerabilities. Generative AI tools like ChatGPT or Google Bard also empower bad actors to craft more convincing phishing content in multiple languages.
4. Whale Hunting
Social engineering attacks targeting high profile individuals, executives, and senior leaders will also increase in sophistication. This includes personalized e-mail phishing attempts vs. bulk spam often combined with text and phone calls, made worse by AI and deep fake technology that allow hackers to copy voices from public recordings.
5. Zero Trust
Teams must rapidly move to continuous security verification to eliminate cyber threats, such as zero-trust architecture (ZTA). Failure to implement a ZTA will result in an increase in man-in-the-middle attacks where hackers intercept internet traffic and steal passwords and credit cards (e.g., setting up fake public wi-fi or redirecting to a fake website).
6. Third Party Risk Management (TPRM)
Bad actors will target critical infrastructure suppliers, therefore third-party risk management is critical. Sophisticated upstream and downstream components of supply chains will be increasingly at risk. This includes software supply chains that often contain hundreds of components from multiple software vendors and the other technologies and open-source code products are built on.
7. Evolving Threat Landscape
Cybersecurity professionals will increasingly be expected to take on more complex workloads during 2024 as the threat landscape grows ever more sophisticated. Teams must up their game, improve their white hat hacking chops (i.e., think like a bad guy to catch a bad guy), and drive teamwork and communication to new levels.
Looking for a trusted partner to help you navigate today’s evolving and complex cyber threats? With a 100% focus on energy, Stonebridge has a 30-year track record of keeping pace with the rapidly changing digital oilfield, IT/OT, and data security landscape. Contact us today to get started with a cybersecurity health check and a review of your business continuity and disaster recovery plan.