Report details rising cyber threats to critical sectors
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, released its latest report, Cyber Attacks On Infrastructure: The New Geopolitical Weapon. The report examines the growing threat of cyberattacks on critical infrastructure and provides insight into safeguarding against these potentially devastating attacks.
In recent years, cyberattacks targeting critical infrastructure have surged globally, posing significant risks to national security and economic stability. Unlike other data breaches, these attacks primarily seek to access control systems for the purpose of disruption or espionage. Energy, transportation, and telecommunications sectors have become primary targets. This is not surprising as these sectors, especially in developed countries, have become increasingly interconnected to digital technologies, which in turn have opened new vulnerabilities to cyberattacks. The consequences of these types of attacks are potentially devastating to nations, and thus geopolitical adversaries have made it a powerful addition to their arsenal of digital weapons.
Key findings from the report include:
- The number of vulnerable points in U.S. power grids is growing by approximately 60 per day, with the total count rising from 21,000 in 2022 to between 23,000 and 24,000 today
- Globally, the average number of weekly cyberattacks against utilities has quadrupled since 2020, with a doubling occurring in 2023 alone
- Between January 2023 and January 2024, critical infrastructure worldwide sustained over 420 million attacks – equivalent to 13 attacks per second – marking a 30% increase from 2022
According to KnowBe4’s 2024 Phishing by Industry Benchmarking Report, critical infrastructure sectors such as healthcare and pharmaceutical, education, and energy and utilities are in the high risk categories when it comes to employees falling victim to phishing tactics. This vulnerability is exploited by cybercriminals to infiltrate networks and systems.
"The findings in our report are a wake-up call for critical infrastructure sectors,” says Stu Sjouwerman, CEO at KnowBe4. “While the surge in cyberattacks on them is deeply concerning, it's important to remember that we're not powerless in this fight. By fostering a strong security culture that combines technology, processes, and people, we can significantly mitigate these risks. Every organization, regardless of size or sector, has a role to play in safeguarding our collective infrastructure. It's time we view cybersecurity not as just an IT issue, but as a fundamental aspect of our operational resilience and national security."
The report highlights recent high-profile attacks on global critical infrastructure, their far-reaching impacts, and provides actionable recommendations for organizations and institutions to enhance their cyber resilience.
To download a copy of KnowBe4’s report, Cyber Attacks On Infrastructure: The New Geopolitical Weapon, click here.
About KnowBe4
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
