Utilities: This is how to keep an eye on the IT security of your office IT at all times

The responsibility is immense. As operators of critical Infrastructures, energy supply companies are almost permanently exposed to attack attempts. As a rule, the networks of the supply processes are physically separated from the administration for security reasons. But even if ONLY the administration and customer data are affected, the damage quickly runs into millions. As a preventive measure, IT security monitoring provides the external attack surface with the urgently needed transparency. They continuously record possible vulnerabilities and help the IT team to quickly minimize the risk.

IT Security from an External Perspective: Energy Groups in Germany

Considerable need for action in IT security
Energy supply requires smoothly functioning IT operations. This makes it all the more worrying that threats from ransomware and risks along the supply chain of IT products and services in the energy sector have increased dramatically in recent years. With the IT Security Act 2.0, the federal government obliges all operators of critical infrastructures (CRITIS) to take enhanced security measures for their IT. The high pace of aggressive attacks also presents companies with the task of providing sufficient resources. After all, only continuous analysis and optimization of security systems and protective measures can ensure the business continuity expected by society.

Our analysis of 14 energy groups revealed that there is still considerable need for action in terms of IT security. The data was collected by gathering and processing information from publicly available sources. 

The results 

Protected mail dispatch
86 percent of the energy companies checked sent emails partially unprotected (without SPF entry), which facilitates spam and phishing attacks by attackers through mail forgery.

Accessibility of the system interfaces
79 percent do not adequately protect all database systems belonging to the company against cyber attacks. Unsecured systems that can be accessed from the outside make it easier for hackers to gain access to sensitive data.

Data transmission security
In addition, 100 percent allowed data transmission using outdated transport encryption, which encourages data theft.

Obsolete applications
At least one application with a potential security vulnerability of high criticality was found in 79 percent. Applications with missing security updates are a welcome gateway for attackers.

GDPR compliance
100 percent of energy companies used tracking cookies without user permission. In these cases, warnings and fines can threaten.

 

Gain insight into your organization's external IT attack surface

IT managers do their best to ensure the security of their IT systems. But how can the current status of security performance continuously be proven? With LocateRisk's IT security analysis, it's quick and easy. See for yourself: Interested organizations can receive a security assessment of their IT landscape, including a 30minute insight into the detailed analysis, free of charge at: Tel. 06151 6290246 or e-mail to: em@LocateRisk.com

Case Study Energy Logistics Company

Read now: Meeting KRITIS requirements with continuous monitoring 

 

Request your personal Live-Demo now

Identify and reduce your cyber risks through a comparable and understandable overview of your IT security. Let our experts advise you and find out how LocateRisk can help you solve your cyber risks.

I agree to the privacy policy. read


Learn more, book a demo, or just have a quick chat? Alex is happy to help!

Your personal consultantAlexander FeldmannConsulting

+49 6151 6290246

Get in touch now