Ninety Percent of Energy Companies Suffer Supplier Data Breach

Cyber Security Threat Summary:
Security Scorecard recently analyzed the cybersecurity posture of the largest coal, oil, natural gas, and electric companies in the US, UK, France, Germany, and Italy, as well as their suppliers. According to the vendor, UK energy firms received the high average security rating (80% holding a B or above). However, a third of global firms received a rating of C or lower, making them susceptible to a breach. Based on the data gathered, it was concluded that nearly 90% of the 48 biggest energy companies suffered from a supply chain data breach in the past 12 months. What’s more, within the past 90 days alone, the vendor identified 264 breaches related to third-party compromises.

Security Officer Comments:
When conducting security audits, most organizations tend to forget about third-party vendors. As a result, threat actors are taking advantage of this opportunity, leading to a surge in supply chain attacks. Going forward, it’s important for organizations to conduct assessments of third-party vendors, ensuring that they are in compliance with cybersecurity standards. Regularly meeting with these third-party suppliers and helping them improve their security posture will be key to identifying and preventing potential threats. When it comes to using third-party software, organizations should also ensure that it is regularly updated, whenever patches are readily available. Just this year, hundreds if not thousands of organizations had their data stolen and held for ransom due to a critical bug in the MOVEit file transfer application that was left unpatched.