Third-Party Vendors Are The Top Cybersecurity Threat For US Energy Companies

Tyler Cross
Tyler Cross Senior Writer
Published on: November 5, 2024
Tyler Cross Tyler Cross
Published on: November 5, 2024 Senior Writer

A new report by SecurityScorecard and KPMG found that the top cybersecurity threat to US energy companies is actually their own third-party vendors.

The study analyzed 250 energy companies, of which 90% had previously faced cyberattacks related to third-party vendor failures. Attacks on electric companies are “disproportionately high,” and are responsible for 45% of the attacks in the energy sector.

Another major issue is the legacy technology that these companies rely on. Due to the need for careful investigations of each new patch, the energy sector relies on older tech that’s slow to update. While this prevents customers from losing power due to technical failures, it means these companies lag behind modern threats.

Through the same study, we learned that 39% of these attacks originated from the June 2023 MOVEit hack. In that attack, threat actors breached the file transfer software MOVEit and gained access to company information. While most of the data focused on US companies, the breach impacted the global supply chain.

IT vendors and software companies are at the most risk of being breached by hackers. Together, they made up over 67% of the third-party companies that were attacked.

“The energy sector’s growing dependence on third-party vendors highlights a critical vulnerability — its security is only as strong as its weakest link,” said Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard. “Our research shows that this rising reliance poses significant risks. It’s time for the industry to take decisive action and strengthen cybersecurity measures before a breach turns into a national emergency.”

Many experts believe these businesses can only be protected by proactively improving their defenses.

About the Author
Tyler Cross
Tyler Cross
Senior Writer
Published on: November 5, 2024

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.

Leave a Comment