[datensicherheit.de, 03/29/2025] As the basis of all life, water is undisputedly one of the most valuable resources of all – and as such is increasingly at risk: „So it’s no wonder that the water supply is also increasingly becoming the target of criminal activity,“ warns Marco Eggerling, Global CISO at Check Point Software. Water treatment plants and distribution systems are dependent on remote control – if they are compromised, the results could be catastrophic: „The consequences are contamination, supply interruptions and risks to public health!“

Foto: Check Point Software

Marco Eggerling: Governments, water utilities and cyber security experts must work together to protect these vital systems!

Realise the economic impact of vulnerabilities in water supply IT systems

For example, an assessment by the US Environmental Protection Agency (EPA) from 2024 found „that 97 drinking water systems serving approximately 26.6 million people have critical or high-risk cyber security vulnerabilities“. Figures from Check Point Research speak a similar language: According to them, there has been an average of 1,872 weekly attack attempts per company in the energy and utilities sector (including water) in 2025. This corresponds to an increase of 53 per cent compared to the same period in the previous year, 2024.

„Europe recorded the second largest change with a huge 82 per cent increase in attacks compared to the same period last year, behind North America with 89 per cent.“ This makes it all the more important to bear in mind the economic impact of vulnerabilities in IT systems for water supply and to take a look at the most important security measures.

A compromised system can lead to contaminated drinking water, among other things

In addition to public health, cyber attacks on water infrastructure would also have a massive economic impact. However, the risks go beyond mere business interruptions: „A compromised system could lead to contaminated drinking water, which poses a serious threat to the public health and safety of potentially hundreds of thousands of people.“

In addition to private households, numerous industries are also dependent on a steady and safe water supply – „including manufacturing companies and data centres that need water for their cooling systems“. A cyber attack on these supply companies could lead to far-reaching disruptions with serious consequences. Eggerling points out: „Disruptions to the water supply can bring industry to a standstill, affect agriculture and destabilise the local economy.“

Even a one-day interruption to the water supply can jeopardise billions in economic activity

He reports: „In the USA, such a disaster has already been simulated: According to the US Water Alliance, a one-day interruption to the water supply could jeopardise economic activity to the tune of 43.5 billion US dollars. A simulated example of a cyber-attack on Charlotte Water in North Carolina resulted in daily revenue losses of at least 132 million USD with replacement costs of more than 5 billion USD, according to a review of the agency’s cybersecurity initiatives.“

Eggerling also makes it clear that Europe is also being targeted: „In Italy, Alto Calore Servizi SpA, an Italian company that supplies 125 municipalities in southern Italy with drinking water, was hit by a ransomware attack in 2023. The state-owned company also manages wastewater and sewage treatment services for both provinces.“ Although this cyber attack did not lead to an interruption in the water supply, the company’s database was compromised, „rendering all IT systems unusable“.

Water supply systems with often outdated infrastructures suddenly exposed to internet-based threats

Water supply systems in particular are highly vulnerable, as often outdated infrastructure is suddenly exposed to internet-based threats and the potential for disruption makes these facilities a prime target. In reality, a compromised facility goes beyond a mere cyber incident, as it affects the entire country, makes headlines and, more importantly, poses a direct threat to public safety.

The economic toll of a successful cyber-attack on water utilities is so great that this risk cannot be ignored. Critical infrastructure operators must therefore prioritise the digital resilience of their systems and consider investments in cyber security as investments in economic stability.

Tips for strengthening the cyber defence of water suppliers

Water utilities need to „take a proactive approach to cyber security“, according to Eggerling’s recommendation. Some notes on key steps to improve security:

• Invest in endpoint and network security
  Water utilities should utilise AI-powered threat detection systems to monitor network activity and fend off intruders.
• Gaps in legislation leave utilities unprotected
  Cyber regulations for water utilities are not as strict as those for the electricity or financial sectors, so more needs to be done in this area.
• Cyber security training
  Training should be a top priority for improving cyber readiness, as there is a severe lack of cyber security training among water utility operators and many organisations do not have dedicated cyber security staff.
• Enforcement of multi-factor authentication (MFA)
  Unsecured remote access to OT (Operational Technology) systems is often a major vulnerability because attackers usually exploit weak remote access protocols. „MFA can remedy this by requiring every access attempt to first be verified according to the zero trust principle and using biological characteristics such as fingerprint/face recognition or consent via other paired devices.“
• Development of incident response plans
  Water suppliers should have contingency plans in place to minimise the damage caused by potential attacks.

With cyber threats to water infrastructure on the rise, the need for proactive security measures has clearly never been greater. Eggerling concludes: „Governments, water utilities and cyber security experts must work together to protect these vital systems before further attacks seriously impact this important industry and put lives at risk.“

Further information on the topic:

The Record, Jonathan Greig, 11/19/2024
Many US water systems exposed to ‘high-risk’ vulnerabilities, watchdog finds

Industrial Cyber, 11/15/2024
US EPA report cites cybersecurity flaws in drinking water systems, flags disruption risks and lack of incident reporting

U.S. ENVIRONMENTAL PROTECTION AGENCY, 11/13/2024
Management Implication / Report: Cybersecurity Concerns Related to Drinking Water Systems

THE CYBER EXPRESS, Ashish Khaitan, 05/02/2023
Medusa Ransomware Group Claims Alto Calore Cyber Attack / Alto Calore Servizi SpA is a joint-stock company consisting of 126 shareholders, including 125 municipalities in the province of Avellino and Benevento

datensicherheit.de, 02/10/2021
Am 5. Februar 2021 griffen Hacker Wasseraufbereitungsanlage in Oldsmar an / Vermeidung von Fernzugriffen aber keine Lösung gegen Hacker-Attacken in der zunehmend digitalisierten Welt

datensicherheit.de, 02/10/2021
Nochmals Glück gehabt: Hacker-Attacke auf Wasseraufbereitungsanlage in Florida / Hacker-Angriffe zeigen, dass Cyber-Sicherheit für Kritische Infrastruktur wichtiger denn je ist

datensicherheit.de, 02/10/2021
Über Teamviewer-Fernzugriff: Hacker vergiften Wasser in Florida / Nächste Hacker-Opfer womöglich „Microsoft 365“- und „Azure“- sowie „SAP“-Module

datensicherheit.de, 04/28/2020
Wasserversorgung: Cyberangriff auf kritische Infrastruktur in Israel / Kombination aus Altsystemen, wachsender Konnektivität und föderalistischem Management erfordert hohe Priorität der Cybersicherheit

datensicherheit.de, 10/30/2018
Untersuchung zeigt Potential von Cyberangriffen auf Wasser- und Energieversorger / Viele Systeme in kritischen Infrastrukturen sind anfällig für digitale Bedrohungen

datensicherheit.de, 08/08/2018
Städtische Wasserversorgung bedroht: Botnetze aus intelligenten Rasensprengern / Wissenschaftler der Ben-Gurion-Universität haben Hersteller über kritische Anfälligkeiten in ihren Produkten informiert

datensicherheit.de, 07/21/2016
Kritische Infrastrukturen im Visier: Hacker könnten Wasserversorgung kappen / „BSI-KritisV“ sollte dringend umgesetzt werden, um Zugriffe zu überwachen und zu beschränken

[datensicherheit.de, 03/26/2025] „In the time it takes you to read this article, at least twelve more cyber attacks will have taken place – one every 14 seconds,“ warns NordPass in a recent statement dated March 26th 2025. According to a recent NordPass study, the USA is by far the most popular target. This study, conducted in collaboration with NordStellar to investigate cyber security incidents, confirms a worrying trend: „Attacks are on the rise!“

Companies that offer B2B services, internet and web services as well as banking and credit services are particularly affected

„In the last quarter, companies using NordStellar’s ‘Dark Web Monitoring Tool’ detected 772 cyber security incidents in their corporate environment.“ In January 2025, there were already 321 incidents. According to NordPass, by far the most data breaches in the last quarter were recorded in the USA (61), followed by India (13) and the United Kingdom (7).

It is also worth noting that in the last quarter of 2024 and in January 2025, most data breaches occurred at companies „providing business services (B2B), internet and web services, and banking and credit services, including fintech companies“.

„At a time when the number of cyber-attacks is at an all-time high, a single compromised password can allow malicious actors unauthorised access to sensitive company data. It is therefore crucial for companies to strengthen their cyber defences not only through education, but also by using the right tools,“ emphasises Karolis Arbaciauskas, Head of Business Product at NordPass. For example, they could use the free ‘Dark Web Monitoring Tool’ to check whether their company data has ever been exposed.

Targeting small companies too

Arbaciauskas adds that many small business owners do not recognise the need for cyber security tools because they believe their companies are too small or too insignificant to be of interest to cyber criminals. „However, the data shows the opposite trend!“ He knows from experience that people all over the world think this way.

His warning: „But this is a deceptive feeling. Cyber attacks that target specific companies or individuals, as we know them from films, are very rare. Threat actors usually cast their nets over a wide area and see who they can catch.“ The data also shows that the victims are usually small companies with up to 35 employees.

According to Arbaciauskas, larger companies generally place more emphasis on training their employees, have solid security guidelines and are better prepared technologically to defend against attacks. As a result, cyber incidents occur less frequently in big companies. „And when large, well-known companies are hacked, we all hear about it in the news. At the same time, thousands of incidents in small companies often go unnoticed.“

On average, it takes companies 204 days to detect a cyber security breach

Even if an incident is detected, it usually takes a very long time for a response to follow and for the incident to be resolved: „On average, it takes companies 204 days to detect a security breach and another 73 days to contain it.“

Due to reused and insecure employee passwords or downloaded malware, company credentials often show up in compromised databases, giving hackers the opportunity to penetrate the system. For smaller companies, a serious data breach can mean certain doom – as the financial costs and reputational damage can be immense.

According to estimates from IBM, the average cost of a data breach is around 4.45 million USD. „This represents a 15 per cent increase over the last three years and highlights the increasing financial impact of data breaches on today’s businesses.“

Identify vulnerabilities in the company’s IT infrastructure and develop strategies to defend against threats

According to Arbaciauskas, every organisation, regardless of its size or type, should take extra care when it comes to cyber security. For him, the use of important tools such as password managers, which enable secure management of company data and access, or virtual private network (VPN) solutions is „a first step towards greater resilience against online threats„.

In addition, a cyber security review is helpful in identifying weaknesses in a company’s IT infrastructure and developing strategies to defend against threats. Arbaciauskas concludes: „It is also important to invest in general cyber security awareness within the organisation to avoid misconduct, which can often lead to serious data breaches.“

The study on which this article is based was conducted in collaboration with NordStellar. The data was analysed based on factors such as country, industry, company type, company size and type of data affected. The focus was on cyber security breaches in the last quarter (beginning of October to end of December 2024) and in January 2025.

Further information on the topic:

NordPass, Maciej Bartłomiej Sikora, 10/28/2024
Data Breach Trends Report 2024

NordPass
A cyberattack strikes every 14 seconds / Check if your company is exposed using our free dark web monitoring tool

IBM
Cost of a Data Breach Report 2024

datensicherheit.de, 01/20/2020
Allianz-Studie: Cybercrime als Sicherheitsrisiko Nummer 1 / Marc Schieder fordert IT-Security zur „Chefsache“ zu machen

[datensicherheit.de, 03/25/2025] In a statement dated March 18th 2025, KnowBe4 warns that most educational institutions lack the resources for solid and comprehensive cyber security programmes – this finding is based on the new KnowBe4 report „From Primary Schools to Universities, The Global Education Sector is Unprepared for Escalating Cyber Attacks“. According to this report, other cyber security experts also share the concern about the cyber fragility of the education sector: Check Point Research, for example, found that it was apparently the sector most affected by cyber attacks in 2024. In any case, the number of cyber attacks in this sector has risen sharply.

Foto: KnowBe4

Stu Sjouwerman on the topic of Human Risk: All people with access to IT systems should have the right tools, training and awareness to protect themselves from cyber threats!

Key findings of the KnowBe4 report on cyber threats in the education sector:

• Both schools and universities often rely on third-party providers for „software-as-a-service“, „cloud“ storage and IT services
  This poses a risk, as vulnerabilities or breaches in third-party systems could later affect all institutions using these services – often unnoticed.
• Combination of modern and old IT systems opens gateway for attackers
  The search for a gateway for attackers is made easier by the fact that schools and universities often combine modern and old IT systems due to limited resources and the increasing need for modernisation – „which can lead to highly sensitive personal data remaining on outdated systems that can be exploited!“
• In its „Data Breach Investigations Report (DBIR) 2024“, Verizon investigated a total of 30,458 security incidents
  According to this report, 10,626 of these were confirmed data breaches: Of these, 1,780 incidents (17%) were attacks on the education system and 1,537 (14%) were confirmed data breaches, making the education system one of the five most affected industries worldwide.
• In 2023, Trustwave researchers observed 352 ransomware attacks on educational institutions
  According to the Trustwave study in question, phishing is the most common method used to infiltrate an organisation.

Educational institutions: An unprecedented level of cyber risk

This KnowBe4 report aims to demonstrate the significant impact of security training on reducing human risk in educational institutions: „After participating in sustained training and phishing simulations for a year or more, the vulnerability of employees in small educational institutions to phishing attacks dropped dramatically – from 33.4 per cent to 3.9 per cent.“

„Today’s education environment is becoming increasingly digital, increasing the attack surface of educational institutions and creating an unprecedented level of cyber risk,“ comments Stu Sjouwerman, CEO of KnowBe4. He adds: „Educational institutions have inadvertently become prime targets for sophisticated threat actors due to a general lack of resources.“

According to Sjouwerman, the most concrete and effective step an educational institution can take to protect important and sensitive data is to ensure that all individuals accessing IT systems have the right tools, training and awareness to protect against cyber threats and reduce human risk.

Further information on the topic:

KnowBe4
From Primary Schools to Universities, the Global Education Sector is Unprepared for Escalating Cyber Attacks

TRUSTWAVE, Serhii Melnyk, 01/21/2025
The New Face of Ransomware: Key Players and Emerging Tactics of 2024

CHECK POINT, 08/13/2024
Research: Check Point Research Warns Every Day is a School Day for Cyber Criminals with the Education Sector as the Top Target in 2024

verizon business, 2024
Data Breach Investigations Report 2024

datensicherheit.de, 09/16/2020
Europas Bildungswesen vermehrt im Visier der Hacker / Verlagerung des Unterrichts ins Internet macht diesen Bereich sehr attraktiv für Hacker

datensicherheit.de, 09/07/2020
E-Learning: Bildungseinrichtungen vor Bedrohungen schützen / Matthias Canisius fordert „Sicherheitskultur des Misstrauens und der Wachsamkeit“ angesichts wachsender Bedrohungen durch Cyber-Angriffe

datensicherheit.de, 06/04/2020
DDoS: Bildungseinrichtungen im Dauerstress / Laut NETSCOUT besteht bezüglich Cybersecurity „immer Prüfungszeit“

datensicherheit.de, 05/12/2020
Cloud: Datenaustausch gefährdet IT-Sicherheit im Bildungssektor / 54 Prozent der Mitarbeiter in Bildungseinrichtungen nutzen Cloud-Anwendungen zum Austausch sensibler Daten

datensicherheit.de, 12/16/2018
Krypto-Jacking: Bedrohung vor allem für das Bildungswesen / NTT Security warnt vor Missbrauch von IT-Systemressourcen durch Cyber-Kriminelle