As environmental consciousness increases across the globe, the pressure on energy and utilities companies continues to intensify. The global community now understands that how we create and access energy affects geopolitical dynamics, food sourcing, climate change and other concerns that will literally dictate the course of human history.
To meet these challenges, the energy and utilities sector is now embracing digital transformation. However, these industries can be considered late adopters of application programming interfaces (APIs), and their rush to dive into the deep end of such technologies, coupled with the tremendous amount of money they manage, makes them attractive targets for cybercriminals.
To paint the picture clearly, Noname Security’s 2023 API Security Trends report provides updated insight on last year’s research, surveying over 600 CIOs, CISOs, CTOs, and senior security professionals from UK and US-based organizations across six industries. 117 of these respondents were from the energy and utilities sector. With that in mind, this blog post will highlight the most common API security risks within the utilities sector, what’s at stake in navigating threats and the best strategies to make energy-related APIs safe and effective. You’ll also get access to the full report – free!
Of the six industries examined, energy and utilities was the only subgroup to see no change in the volume of API security incidents from 2022 to 2023. With the share of respondents reporting such problems holding firm at 78%, threat actors have found an enticing and susceptible target that they don’t plan to move on from any time soon.
A key objective of Noname’s research is to highlight for industry leaders the disconnect between their API security procedures and the toll attacks are taking on their operations. Despite the consistently high occurrence of breaches, 94% of energy and utilities survey respondents expressed confidence in their API security tools.
While other industries posted slightly higher numbers in overall security incidents, the energy and utilities sector has a specific problem deeper than any other cohort. Web application firewalls were reported as the top attack vector at a rate higher than in the five other sectors polled. This is particularly noteworthy given that firewalls were found to be the least targeted area in 2022.
Given the sector’s importance to our global environment and economies, failures in API security often result in prominent news stories. However, there are also more nuanced pitfalls for industry leaders when defense systems fail.
With so much at stake in our developing energy landscape, it stands to reason that employees of related companies would feel a personal investment in their work. Noname’s survey found evidence of just that, revealing that nearly 60% of respondents have dealt with a loss of employee goodwill following a security incident.
More than half of those polled within the energy and utilities sector reported a loss of organizational productivity and fees to implement solutions as costs of API security failures. Fines from regulators and customer churn were also cited as common impacts.
Although this sector has not been an early innovator in the digital space, the need to successfully integrate technology into organizational structures has grown too large to ignore. A heightened understanding of the problems the industry faces, along with progress within the security industry, provides hope for the present and future.
Increased focus on API security can go a long way toward thwarting threat actors. The second year of survey data showed significant jumps in companies’ inventory of their APIs, as well as in their knowledge of which platforms exchange the sensitive data that would be most detrimental to have affected.
Healthy, dynamic APIs aren’t only critical to the energy and utilities sector’s risk mitigation – they can also enhance its operational and financial prospects. Over half of respondents labeled API security a “business enabler,” and the volume of those reporting that such measures help them comply with GDPR exceeded all other sectors.
Frequent testing of API security strength is the most direct, impactful way to stop cybercriminals. Daily and real-time testing increased year over year thanks, in large part, to security partners equipping the sector with the necessary tools. Industry leaders also reported a reliance on security partners to fulfill PCI DSS requirements, underscoring the value of tools that enhance visibility into the type of PII moving across an organization’s APIs.
Simply put, there is too much at stake for the energy and utilities sector to fail in its transition to digital operations. The operational need is so prominent, and the vulnerabilities so lucrative, that the sector and cybercriminals will be locked in a tug of war for dominance for years, if not generations, to come. Energy and utilities industry leaders would be well served by reading the report and learning more about which API areas to protect and how to preserve a secure environment.
Click here to download the full report – 2023 API Security Trends for the Energy and Utilities Sector.