The US energy sector is being put at risk by critical third-party vulnerabilities

1 week ago 3
Someone using a laptop for SEO analysis.
(Image credit: Pixabay)

  • The US energy sector is being put at risk by vulnerable third parties, report warns
  • New report claims energy infrastructure is failing to stay secure
  • Increased reliance on third-parties must be addressed

New research has claimed significant vulnerabilities are plaguing the US energy sector - with a worrying amount stemming from third-party weaknesses.

A recent report by SecurityScorecard and KPMG based on a survey of the 250 largest US energy companies claims third-party risks account for 45% of breaches, with 67% of breaches in this sector linked to software and IT vendors.

The data shows the US energy sector has a critical reliance on third-party services for cybersecurity.

Escalating cybersecurity threats

The report also highlights a notable disparity between oil and gas companies and their renewable energy counterparts. Oil and gas companies generally score better in cybersecurity, with many earning an “A−” rating, reflecting their relative strength in addressing cyber threats. In contrast, renewable energy firms lag behind, receiving an average score of “B−."

The interconnected nature of renewable energy systems, such as smart grids and solar or wind power installations, makes them particularly vulnerable to cyberattacks, with the report suggesting that addressing these vulnerabilities should be a priority for the sector.

In the energy sector, most cybersecurity vulnerabilities are concentrated in three key areas - application security, network security, and DNS health - with 92% of companies having their lowest scores in these risk categories.

US critical infrastructure has already been subject to a number of attacks from Russia, China, and Iran, highlighting the need for improved resilience against vulnerabilities and better protection for exposed endpoints.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The energy sector's growing dependence on third-party vendors highlights a critical vulnerability — its security is only as strong as its weakest link," noted Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard.

"Our research shows that this rising reliance poses significant risks. It’s time for the industry to take decisive action and strengthen cybersecurity measures before a breach turns into a national emergency."

You might also like

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: [email protected]

Read Entire Article