Like other European countries, Britain is currently grappling with an energy crisis triggered by sanctions imposed on Russia following its invasion of Ukraine. As a result, the National Grid recently warned the UK to prepare for energy blackouts. Although blackouts have not been imposed so far due to the relative mildness of the last couple of months, a cold snap in January and February could push the country’s infrastructure to the edge. In turn, it could spell trouble for cybersecurity if organizations are not prepared.
The Cyber Risk of Blackouts
Blackouts are most likely to occur between 4 and 7 pm. These are typically peak hours for energy usage; when people get home from work, put the kettle on, use their ovens or sit down to watch TV. In the case of a regional or complete nationwide blackout, hospitals and other critical services would have their energy supply prioritized, but many businesses would be at risk.
Blackouts hit electricity supplies and affect the IT services of businesses – retailers, for example, may experience shop tills freezing and be unable to complete transactions. Crucially, any business can be at risk of a blackout and organizations can still be hacked during one. Servers are often hosted outside of a business’ territory and software-as-a-service (SaaS) platforms may be present in other countries entirely, leaving them vulnerable to attack. Blackouts may even prevent IT security teams from protecting their organizations. Many IT staff work remotely and cannot detect and prevent a breach if they experience a blackout. Fewer on-hand security staff means bad actors can launch a more devastating attack, exfiltrate a larger quantity of data and cause greater disruption to an organization’s operations.
How Can Organizations Protect Themselves from an Attack?
Just like other forms of crisis, a blackout should be prepared for. Therefore, businesses must act now to bolster their security posture and ensure they are prepared for this new and emerging risk.
1. Understand the Risk
Knowing when blackouts are most likely to occur is crucial in mitigating their impact. Like on weekends and holidays, hackers will take advantage of blackouts as a chance to hit a company when its workforce is less likely to spot a breach. However, knowing that a cyber-attack is more likely to be launched in a specific blackout window (4-7 pm) means that organizations can put extra measures in place during these more vulnerable hours. Organizations and critical services that rely on remote IT and security support should consider ramping up onsite capability during the months when blackouts are most likely in case this remote support goes down.
Businesses should also consider sending out reminders to staff ahead of these periods to reinforce the importance of security best practices and continue with regular phishing training and simulations to ensure good email hygiene is front of mind. This is especially important considering the increasing sophistication of cyber-criminals and the sharp rise in phishing attacks – now the most common threat vector in the UK. Indeed, an attacker may breach a network before a blackout via a malicious email link, lie dormant and then launch malware when security teams are experiencing a power outage.
2. Plan Ahead
The best defense against a cyber-attack during a blackout is a proactive security strategy that plans for every scenario. A renewed risk assessment should be carried out, alongside updated business continuity planning (BCP) and disaster recovery (DR) plans, with uncovered anomalies added to risk registers. With all this, staff must be kept in the loop to reduce any panic or psychological stress that blackouts and potential cyber-attacks may cause.
3. Work Closely with Third Parties
To support in-house cybersecurity teams, businesses often look to third-party security partners. Outsourcing to a security operations center (SOC), for example, provides organizations with continuous threat monitoring, detection and remediation that will be especially useful in a time of blackout. However, organizations must work closely with their SOC providers and assess the risk together. Many SOCs will be preparing for blackouts by securing power banks and backup generators, for example, but it is advisable that organizations initiate a conversation with their security provider. A proactive, transparent discussion on how a SOC is preparing for a blackout will reassure businesses of their continued protection and ensure all eventualities are planned for.
Many organizations will be bracing themselves for a challenging winter, especially in light of the tough economic climate. Blackouts certainly pose a security risk and will need to become a discussion in boardrooms across the UK. Yet, with a proactive and measured approach to this new threat, which may include looking for outside support, the impact of blackouts can be greatly reduced.