Black Kite’s “The 2021 Ransomware Risk Pulse: Energy Sector” report grades 150 power companies from the Fortune 500 on various aspects of security preparedness. The report includes a heat map of how these companies score across the board. To the sector’s credit – and fortunately, considering how important its services are – most companies score well on attack surface awareness (139 As, 11 Bs), fraudulent apps (134 As, 14 Bs, 2 Cs), and social media risks (133 As, 14 Bs, 2 Cs, and 1 F).
Where many companies need to improve is in areas like patch management, which is often overlooked but crucial to closing vulnerabilities; out of 150 companies, 38 received an F rating here. Credential management was particularly bleak, with 52 companies earning an F. The most annoying part is how the Colonial Pipeline intruders got in: through an unused but still open VPN account.
But perhaps the biggest room for improvement is in SSL/TLS strength. While only 17 companies rated an F, about half – 72 – squeaked by with a D grade. SSL and, hopefully more often, TLS encrypt the communication between the web client and the server, which is why companies need up-to-date protocols and certificates to secure customer information.
Overall, the energy sector is a mixed bag, but at least now IT workers know where to focus their efforts. See the full energy sector report from Black Kite.