Sophos has published the results of its industry study titled “_______”, which delves deeper into the four critical sectors – Water, Energy, Oil, and Gasoline – that fall under the defined sixteen critical infrastructure categories.
The findings from a global survey of 5,000 cybersecurity/IT leaders, including 275 in the KRITIS sector, confirm that average restoration costs for both energy and water infrastructure sectors more than quadrupled to €2.8 million last year? The costs in this sector are roughly four times higher than the global and industry-wide median.
“Cybercriminals are increasingly targeting industrial sectors where they can inflict the greatest damage and disruptions.” As the public demands swift solutions to restore services within the KRITIS domain – with some even willing to pay ransom payments if necessary. According to Chester Wisniewski, World Area’s Chief Technology Officer, this makes utility companies prime targets for ransomware attacks. Unfortunately, critical infrastructure operators are vulnerable to attacks on multiple fronts, including the high demands for availability and a technology-focused approach that prioritizes physical security. Moreover, older technologies lacking modern security measures and the general lack of IT safety and privacy also pose a risk.
The energy and water suppliers report increasingly longer restoration periods as well. Only about 20% of companies that fell victim to ransomware attacks were able to recover within a week or less in 2024, compared with 41% in 2023 and 50% in 2022. Around 55% of respondents required more than a month to recover, compared to 36% in 2023. Compared to the overall average, only 35% of companies across all sectors needed more than a month to recover.
Although a rising percentage (61%) paid the ransom as part of their recovery strategy, surprisingly, restoration took longer. Cybercriminals are incentivized by high ransom demands not only to launch further attacks, but also to prevent companies from achieving their goal of a shorter recovery time, according to Wisniewski. Utility companies should proactively take measures to monitor their remote access and network systems for vulnerabilities. You should ensure that you have continuous monitoring and reaction capabilities around the clock to minimize outages and shorten recovery times. Incident response plans should be proactively developed, just like those for fires, floods, hurricanes, and earthquakes, and regularly rehearsed.
The comprehensive report “The State of Ransomware in Critical Infrastructure 2024” is now available for download.
