Energy Sector Security: New Insights Point to a Managed Services Future
Written for BlackBerry VP of Product and Technical Marketing Paul Zimski
When it comes to keeping lights on, factories running, and vehicles refueled or recharged, cybersecurity cannot be taken lightly. If one password at one company is compromised, huge segments of the energy supply chain can be thrown into absolute chaos. Take the Colonial Pipeline ransomware incident as a powerful example of the urgency to improve energy sector security. Energy is especially vulnerable to cyberattacks for three major reasons:
There’s no shortage of attackers and motivations for targeting energy providers — whether it's hacktivists with political agendas, state-sponsored actors seeking disruption, or cybercriminals looking for a ransom payout.
There's a huge attack surface to defend — spanning legacy and modern IT, operational technology (OT), and distributed internet of things (IoT) assets, which aren't always managed by the same teams.
There’s an increasingly interconnected infrastructure, so a disruption on the IT side of the house can have a direct impact on OT assets in the physical world.
Though the primary concern of a large-scale grid shutdown is the human impact, and the destabilization that it can cause, even compartmentalized attacks in this sector are costly to both utilities and consumers. The 17th annual Cost of a Data Breach Report ranked the energy industry as fifth highest in costs, with an average of $4.65 million per breach.
With so much on the line, it is crucial to hear directly from the energy industry itself to understand the challenges and obstacles they face.
Energy & Utilities Struggle With Cybersecurity Complexity
BlackBerry recently surveyed more than 400 IT and cybersecurity leaders in the U.S., Canada, and U.K., and it’s clear that overall security complexity is a common obstacle:
72% of respondents in the energy and utilities sector agree that the amount of work required to create their own dedicated security operations is daunting, with 60% citing the expense of acquiring the needed cybersecurity tools, licenses, and personnel.
Only 44% stated that their team is currently equipped with the knowledge, tools, and necessary visibility to detect and respond to zero-day and advanced threats. More than half (52%) stated that it is challenging to gain a holistic picture of cybersecurity status.
Only half of respondents say they have the capacity to handle the number of alerts (and false positives) that they currently receive from their security systems, and 40% report that they find it challenging to analyze data from multiple sources in order to detect, prevent and respond to cyberattacks.
Organizations Find Value in Managed Security Services
According to the research, 88% of IT and cybersecurity leaders say they already take advantage of managed security services in their environment. The respondents also frequently found that the benefits of utilizing managed security services exceeded their expectations. These greater-than-expected benefits include the ability of managed services to free up existing resources, address the security skills gap, and make it possible to scale cybersecurity capabilities. See more in the chart below.
One area of managed services growth specifically relates to implementing XDR (extended detection and response) capabilities. XDR solutions strive to expand on the core functionality of EDR (endpoint detection and response) systems by unifying the detection and analysis of threats across an organization’s entire digital environment. XDR solutions also frequently tout the ability to equip security teams with a cohesive, holistic view of their entire technology landscape.
However, XDR comes with a significant challenge, one that was underscored in the research: it can take significant resources (time, budget, and personnel) to implement XDR effectively. This is another place where managed services can meaningfully help bridge the gap. (Read Midmarket Game Plan: Shore Up Security and Resilience with Managed XDR to explore this topic.)
The Potential Impact of Managed XDR in the Energy Sector
Perhaps the most striking takeaway from the survey data is that overall complexity presents the primary obstacle. Managed services are well-positioned to help relieve that complexity, by optimizing resource allocation and improving project outcomes for energy sector security teams. It’s certainly a crucial consideration, since managed services are already in use by almost 90% of the sector, and most cybersecurity leaders say the greatest perceived benefit of the service is that it will free up current human resources. This is precisely why energy companies are turning to managed services: to help them increase their security “coverage,” while reducing risk and staff burnout, and staying on budget.
So, what does a good managed detection and response (MDR) service engagement look like? What key components result in good outcomes?
Things That Make a Good Managed Cybersecurity Service:
Advanced technology: The managed service should use battle-proven, algorithm-based defense models that reduce alert noise, and it should incorporate an extended set of telemetry and advanced analytics to spot sophisticated adversary behavior before it compromises data, operations, or reputation.
24x7x365 exceptional expertise: The managed service should be staffed by seasoned experts who function as an extension of your internal team, managing threat hunting and alerts so you can focus on meeting core business goals. The service should provide 24x7x365 “eyes-on-glass” monitoring of your environment, security protection, and multi-regional compliance support, responding as needed.
Proprietary cyber threat intelligence (CTI): The service provider should be armed with proprietary threat intelligence, sourced from a global network of in-house researchers. This original threat intelligence context helps organizations focus on the right priorities, at the right time, with the right resources. And that equates to better outcomes.
Transparency: The managed service provider should have a comprehensive transparency policy. Such a policy ensures you are fully informed and can see what steps are being taken to secure your environment, from white-glove onboarding and training to setting up customized orchestration and playbooks that keep everyone in sync and minimize drift.
Focused on outcomes: The service should require only a fraction of the time and capital investment that would be needed to develop an in-house SOC (security operations center) capability.
This is precisely the level of service we offer to customers of our BlackBerry® managed XDR service, CylanceGUARD®.