Challenges 2021 holds for cybersecurity in Australia’s energy sector

cybersecurity

By Jim Cook, ANZ regional director, Attivo Networks

If 2020 has been the year of unprecedented disruption on a global scale, 2021 will be the one when many people begin picking up the pieces.

The COVID-19 pandemic caused unexpected and rapid change on all fronts. With virtually no warning, energy companies had to shift most of their staff into a “work-from-home” mode. Meanwhile, IT teams had to quickly put in the infrastructure to allow access to core applications and data stores.

On the security front, chief information security officers and their teams in the energy sector wrestled with the best ways to provide secure links for a dispersed workforce while maintaining effective protection against cyberattacks. In many cases, they brought forward investments they had slated for the future to help tackle the new challenges.

Now it’s time to consider what 2021 might have in store and determine how some of these trends might develop in the year ahead. Here are some worth keeping your eye on.

Related article: Transforming the energy industry with IIoT

Artificial intelligence (AI)

We will likely see increasing use of AI in cybersecurity with applications, including in-depth analysis of network traffic to spot anomalous behaviour. AI can also help to stress-test security measures and ensure they are providing maximum protection.

However, one must remember that cybercriminals have access to many of the same tools. They will continue to put them to work to crack codes, break encryption, and unlock passwords.

Attackers will have the advantage of trying many different methods and only needing one that’s effective. Defenders, on the other hand, have to get everything right. Take time during 2021 to assess the most effective way of putting AI to work in your security infrastructure.

Cyber deception

In early 2020, deception was still one of the most misunderstood of all security strategies. However, awareness and usage are now increasing, and this trend is likely to continue during 2021.

Security teams will also start to embrace new concealment technologies in complement to their deception strategies. They will use these new innovations to hide and deny access to credentials, Active Directory objects, and the data that attackers seek to steal, use, or alter.

Ransomware

Ransomware will continue to be a significant threat throughout 2021. Many organisations may think they have already taken the steps required to avoid such an attack but will still find their systems becoming infected.

Attackers will take more sophisticated and aggressive paths to inject their ransomware code into systems, and security teams must continue to guard against attacks. So-called ransomware 2.0, where humans rather than automated code guide attacks, will also continue to increase.

Related article: Funding awarded to energy consumer advocacy groups

Remote working

Companies will need to continue to adjust to a significant proportion of staff working from home during 2021. From a security perspective, this means focusing on endpoint devices as these can provide attractive attack vectors for cybercriminals.

Security professionals must also be mindful that people may come with devices that already have an infection when returning to the office during the year. Reconnecting them to the central network could provide an opportunity for a cybercriminal to gain access.

Internal security controls must adapt to cope with this threat. CISOs and CTOs must also check to ensure that methods used to provide remote access to central resources are scaled back and locked down where appropriate as staff return.

Gender pressures

The workplace changes created by COVID-19 during 2020 have had a particular impact on women. When forced into a “work-from-home” mode, many have also had to continue as primary caregivers–especially for smaller children.

As a result of this dual role, some find themselves in unsustainable positions, unable to continue their existing jobs. The situation may force them to resign or take less demanding positions.

Thankfully, many companies are cognisant of this issue and are looking for ways to address it. Expect new initiatives and ideas to be trialled during the coming year.

There is no doubt that 2021 will be an interesting and challenging year for all in the energy sector. Coming to terms with the longer-term impacts of COVID-19 and striving to reach a “new normal” state will focus minds and direct strategies for months to come.

Keeping an eye on these trends will help ensure that security teams in the industry position themselves best to deal with the challenges that lie ahead.