Why Cybersecurity in the Fuel Sector Must Be a Priority

What would your company do if its digital systems and files were held for ransom? Unfortunately, ransomware is now an exposure that fuel dealers and distributors must navigate. Although environmental hazards, worker injuries, and transportation mishaps continue to pose risks, cyberattacks are a growing concern. The consequences are often severe, making cybersecurity a must.

Cyberattacks Are Increasing

In 2022, ransomware attacks seemed to be declining, but the respite was short lived. According to Chainalysis, ransomware payments surged to an all-time high of $1.1 billion in 2023. The 2024 ThreatDown State of Malware report from Malwarebytes also shows an increase in ransomware activity in 2023, with a 68% increase in ransomware attacks compared to 2022.

The bad news doesn’t end there: business leaders also need to watch out for social engineering attacks, including business email compromise (BEC). In a typical BEC scam, a criminal poses as a legitimate contact to target someone within the company and trick the person into authorizing a wire transfer. Other goals may include diverting payroll or even shipments of goods. The FBI says BEC scammers frequently compromise legitimate business email accounts through social engineering or computer intrusion. In 2023, victims lost more than $2.9 billion to BEC scams, up from $2.7 billion in 2022.

Infrastructure Is a Target

In May 2021, the Colonial Pipeline became the target of a ransomware attack that shut down its digital systems for days and compromised more than 5,500 miles of pipeline on the East Coast. According to TechTarget, Colonial Pipeline paid a ransom of $4.4 million, approximately $2.3 million of which was recovered. The attack also prompted President Biden to issue an emergency declaration.

Cybercriminals frequently target infrastructure and other vital operations to cause disruption and increase the chance of a ransom payment. According to Forescout’s 2023 Global Threat Roundup, attacks against global critical infrastructure increased by 30% in 2023. There were 420 million attacks against medical, power, waste, communications, manufacturing, and transportation – the equivalent of 13 attacks per second.

For propane and fuel dealers and distributors, this means the chance of a cyberattack is increasing. To make matters worse, attacks are becoming more sophisticated.

Hackers Are Leveling Up with AI

In late 2023, everyone was talking about the many ways they could use generative AI. Unfortunately, hackers were also interested in this technology.

Phishing emails have been common for a while. Most people receive multiple phishing attempts every week – or even every day. However, many of these emails have telltale signs (such as bad grammar and spelling) that distinguish them as fakes. Now hackers can use generative AI to write phishing emails, these errors may disappear, resulting in more convincing emails. Hackers can also use generative AI to increase the volume of attacks and write malicious code.

SlashNext says phishing emails increased by 1,265% since the launch of ChatGPT in late 2022. A successful phishing attack can give cybercriminals everything they need to compromise sensitive accounts and infiltrate computer systems to launch new attacks. IBM identified phishing and other social engineering attacks as the top infection ransomware vector, responsible for 45% of all attacks reported by survey participants.

Fake emails are worrying enough, but fake phone calls and videos are a growing concern, thanks to voice cloning and deepfake technology. CNN says a finance worker was tricked into paying $25 million to scammers who used deepfake technology to pose as the chief financial officer of his company. The scammers also impersonated other coworkers during the video conference, again using deepfake technology.

How to Minimize Your Cybersecurity Threats

Cybersecurity risks aren’t going away. Rather, they’re evolving and growing. The fuel industry can’t afford to become complacent. Since cybercriminals are constantly upping their game and adopting new technologies and strategies, fuel industry leaders need to stay vigilant.

Cybersecurity that was adequate a year ago may no longer be sufficient to counter the new AI-powered threats. In addition to checking computer networks for vulnerabilities, company leaders should educate employees on new threats and introduce protocols to reduce risks. For example, since workers can no longer trust what they hear on the phone or see in a video conference call, companies need to find new ways to verify requests for wire transfers and sensitive information. As the number of phishing emails increases, companies should consider additional measures to counter phishing, such as multifactor authentication and automatically flagging emails from external sources.

Cyber insurance provides another layer of protection. A company may be successful in thwarting the vast majority of these attacks, but suffering just one can be disastrous. Cyber insurance covers many of the costs associated with a cyberattack.

Tangram offers cyber insurance along with other insurance products designed for the fuel and propane dealers and distributors sector. Learn more.