The Oil and Gas Sector Needs Layered Cybersecurity, here’s why.
In a recent EY survey of IT professionals in oil and gas, 60% of respondents said their businesses had recently experienced a substantial cybersecurity incident. Most of these attacks used phishing and other forms of social engineering to spread malware and compromise user accounts and credentials. More than three-fourths (78%) of respondents said that a careless end-user was the most likely source of an attack.
However, the oil and gas industry must also cope with threats targeting operational technology (OT) networks and Internet of Things (IoT) devices. OT includes hardware and software, such as SCADA and other industrial control systems, that monitor and/or operate their physical infrastructure. Increasingly, these tasks are being performed by IoT devices, which offer more complex capabilities and global access to data. Unfortunately, OT networks often lack even basic security and are susceptible to attacks that compromise sensitive data, disrupt operations, and jeopardize human and environmental safety.
Conventionally, organizations protected their OT networks by separating them from the public Internet. However, a recent study found that one-third of all sites in oil and gas, energy, manufacturing, and other industries are connected to the Internet, proving that this method often doesn’t exist.
The study also found that most OT networks can be easily breached because they do not receive the necessary security patches or use antivirus protection. Most use ineffective passwords that can easily be cracked to gain access to critical industrial devices. Many have one or more rogue devices and wireless access points that hackers can take advantage of to access the network. Most are using remote management tools, which can be used to manipulate equipment when compromised.
A recent survey of IT professionals in oil and gas, 60 percent of respondents said their organizations had recently suffered a substantial cybersecurity incident.
Considering these threats, EY recommends that oil and gas firms implement a cybersecurity strategy based upon these core principles:
- Because OT and IoT systems are highly vulnerable, network defenses should include an advanced firewall, intrusion prevention and antimalware services to prevent attacks from entering the network.
- End-user security should concentrate on preventing phishing, quickly detecting and blocking malicious content, and continuously scanning endpoint devices.
- Cybersecurity systems should not rely on signatures but use continuous monitoring, behavior analysis and threat intelligence to detect unknown and developing attacks.
- Oil and gas firms should leverage security operations center (SOC) services for 24/7 monitoring and detection and response.
Security Solutions for Oil & Gas
Radiant Technology Solutions offers a comprehensive suite of security services that fully address these requirements. Our infrastructure, end-user, email and web security work together to protect the IT environment and are monitored and managed by our teams. Our managed network services incorporate these defenses, providing secure connectivity for oil and gas operations regardless of location. Let us put our advanced technology and years of experience in oil and gas to work for your business.
Need help securing your network? Just give us a call.