Mining, Quarrying, and Oil & Gas Extraction + Utilities
NAICS 21+22

    • Summary

      These industries suffered from Social Engineering attacks this year. Credentials, Personal and Internal data are the most commonly lost data varieties. Ransomware is also a major threat for these verticals.


      546 incidents, 355 with confirmed data disclosure

      Top Patterns

      Social Engineering, System Intrusion and Basic Web Application Attacks represent 98% of breaches

      Threat Actors

      External (98%), Internal (2%) (breaches)

      Actor Motives

      Financial (78%-100%), Espionage (0%-33%) (breaches) (breaches)

      Data compromised

      Credentials (94%), Personal (7%), Internal (3%), Other (3%) (breaches)

      Top IG1 Protective Controls

      Security Awareness and Skills Training (14), Access Control Management (6), Account Management (5)

  • While most of us do not have to think about how to extract precious metals and minerals, or how to generate electricity and manage the complex infrastructure required to power up your PlayStation 5 (if you could find one), the folks in these industries have to do all those things on a daily basis. Not only must they combat various environmental threats, like thunderstorms, broken pipes and squirrels, but they also face threats from the cyber world. Let us dig into the industries that have made our modern connected world possible, despite how that modern connected world tries to bite the hands that feed them. 

    These industries do not differ vastly from other industries in regard to the top three patterns. However, the breakdown of these patterns does vary. In this sector, Social Engineering seems to be dominating both breaches and incidents this year, with sustained phishing campaigns occurring against some organizations (Figure 112). Social Engineering accounts for 86% of the breaches in this vertical, followed by System Intrusions and Basic Web Application Attacks.

    The next most common type of attack is Ransomware, which accounts for 44% of non-Social Engineering attacks in this industry.

  • Figure

Let's get started.