The relentless attack on the energy sector continued last week when officials in Norway announced that as many as 300 energy-related companies in that country have been hacked by outsiders. The Norwegian National Security Authority (NSM) said that 50 organizations had been attacked for sure, but attempts on at least another 250 might have taken place. In this case hackers sent those with responsible roles in the organizations emails that contained malicious software. When opened, the software sought vulnerabilities that the hackers were able to exploit. According to reports, they were not only seeking passwords and financial data, but were attempting to install software that allowed them to surreptitiously observe the activity in the organization’s system.
This recent cyber attack on Norway’s energy providers is just one of the growing number of attacks that also have been taking place against energy systems in the US and Europe. In this case the attack was directed at upper level managers who are often overlooked when it comes to training personnel about the nefarious operations of hackers. The energy system is a critical portion of our infrastructure and must be protected at all costs. Clearly no position in an organization, from top to bottom, is exempt from hacking efforts by those with malicious intent. With that in mind, when developing a cyber training program for an organization, be sure that everyone is included, from the lowest to the C-Suite.
Source