Oil & Gas Security Appears Muddled

Friday, April 7, 2017 @ 06:04 PM gHale

There is no doubt oil and gas companies are more advanced when it comes to cybersecurity, but even most of them are not fully aware of when or even how cyberattacks might affect them, new research found.

Despite that lack of knowledge, 74 percent of the 186 oil and gas company leaders surveyed said their organization is confident cybersecurity measures will yield valuable results.

Manufacturing Spending More on Security
Compromised Records Skyrocket
Used Devices Contain Vital Information
DDoS Attacks: Cost and Profitability

In addition, over three-quarters believe their top strategies are now able to protect their companies’ reputations, information and prevent service disruption, according to research from Accenture.

Notwithstanding, 60 percent of energy leaders said cybersecurity is a bit of a black box, as they don’t quite understand the timing or impact of cyberattacks, the survey said. When asked about basic requirements to keep their company secure, energy leaders were less confident than their counterparts in other industries in their ability to measure the impact of breaches (40 percent compared to 47 percent for the cross-industry average) and to know their frequency (28 percent compared to 41 percent).

Oil and gas company leaders reported an average of 96 cyberattacks over 12 months, with one in three succeeding in a breach discovered only 62 percent of the time by firms’ security teams. Even then, detection took months for 51 percent of companies and weeks for 25 percent. The rest of the time, other employees and law enforcement officials most often discovered the breaches.

Oil and gas companies don’t have far to look to identify the sources of most cyberattacks.

Company leaders said breaches are mostly from malicious company insiders (43 percent) or staff who accidentally published information (23 percent). Hackers accounted for 21 percent of attacks.

Executives identified the top effective tools for responding to cyberattacks as internal cross-functional teams (41 percent), standard operating procedures (37 percent), established technologies (36 percent) and communications plans (34 percent).

Not surprisingly, with the rise of the Industrial Internet of Things (IIoT) and the convergence of operational technology and information technology, respondents cited the need to fill cybersecurity gaps in end point/network security as their most pressing concern (55 percent). They expressed low confidence (18 percent) in identifying high-value security assets and business processes needed for better protection, and only 24 percent were confident of their capabilities in cyberattack scenarios.

Leave a Reply

You must be logged in to post a comment.