Semperis Study Highlights Escalating Cybersecurity Threats to Water and Electric Utilities

Compromise of Identity Systems

The study emphasizes the vulnerability of identity systems, such as Active Directory, Entra ID, and Okta, which were compromised in 67% of the reported attacks.

This highlights a critical area of concern, as the integrity of these systems is fundamental to organizational security.

Operational Disruptions and Data Integrity

The repercussions of these cyberattacks are profound, with 57% of affected utilities reporting operational disruptions and 54% experiencing permanent data corruption or destruction.

These incidents not only jeopardize service delivery but also pose significant risks to public safety and economic stability.

Expert Insights on Emerging Threats

Chris Inglis, former U.S. National Cyber Director and Semperis Strategic Advisor, highlighted the stealthy nature of these cyber threats, particularly from groups like China’s Volt Typhoon, known for their “Living off the Land” tactics that allow prolonged undetected presence within systems.

Recommendations for Enhancing Cyber Resilience

In response to these findings, experts advocate for utilities to adopt an “assume-breach” mindset, emphasizing the importance of proactive incident response planning and regular simulation exercises to bolster cyber resilience.

Mickey Bresman, CEO of Semperis, stressed the necessity for utilities to prepare for inevitable breaches and to practice response strategies accordingly.

Conclusion

The Semperis study serves as a critical alert to the escalating cyber threats facing essential services.

It underscores the imperative for utility providers to prioritize cybersecurity measures, particularly the protection of identity systems, to safeguard public safety and maintain economic stability.​