
One third of the companies studied haven't fixed their credential management — the same issue that led to the Colonial Pipeline hack last May.

Dark Reading Staff, Dark Reading

January 28, 2022

Heat map that grades energy companies on preparedness in various security areas; each area adds up to 150 companies
Source: Black Kite

"The 2021 Ransomware Risk Pulse: Energy Sector" report from Black Kite grades the performance of 150 energy companies from the Fortune 500 on various aspects of security preparedness. The report includes a heat map of how these companies score across the board. To the sector's credit — and thank goodness, considering how vital the services are — most companies rated fairly highly across most of the security postures, including awareness of attack surface (139 As, 11 Bs), fraudulent apps (134 As, 14 Bs, 2 Cs), and social media risks (133 As, 14 Bs, 2 Cs, and 1 F).

Where many companies need to improve is in areas like patch management, which is often overlooked but is vitally important for plugging vulnerabilities; 38 of the 150 companies rated an F here. Credential management was particularly bleak, with 52 companies earning an F. Most disturbing is that this is exactly how the Colonial Pipeline attackers got in — through an unused but open VPN account.

But perhaps the biggest area for improvement is in SSL/TLS strength. While only 17 of the companies evaluated rated an F, almost half — 72 — squeaked by with a D grade. SSL and, hopefully more often, TLS encrypt communications between the Web client and server, so ensuring the company's protocols and certificates are up to date is vital to protect customers' information.

Overall, the energy sector is a mixed bag, but at least now the IT staff knows where to concentrate their efforts. View the full energy sector report from Black Kite.
