Last month’s ransomware attack against the Mexican oil firm Pemex showed how the oil industry’s embrace of digital technology has made them a high-value target for hackers. The attack—a strain of ransomware that targets companies with revenues between $500 million and $1 billion—attacked Pemex’s system and brought administrative operations to a halt. This isn’t an isolated case. As the oil industry has embraced digital technology, bringing in valuable real-time data that allows them to make cost-effective decisions and monitor equipment for safety purposes, the trade-off has been increased vulnerability. Hackers, eager to take advantage of valuable targets are increasingly launching attacks against the oil and gas industry. With all this in mind, what are the key cybersecurity challenges facing oil and gas and how can they be addressed? We break it down.
OT Can Put Your Environment at Risk
Cybersecurity tends to focus on the IT environment, but it’s important to focus on the Operation Technology, or OT environment, as well. IT and OT are no longer segregated—more and more devices these days are connected in order to monitor performance, detect anomalies, and predict equipment performance.This rising connectivity means an increase of threats against OT systems that could come through something like an HVAC (Heating, Ventilation and Air Conditioning) system that a facility is using. Addressing the threats facing OT control systems means making sure that all software upgrades and patches for both IT and OT follow the right processes and are up-to-date.
Employees Can Make You Vulnerable
A recent survey from the oil and gas sector found that a 43% of significant cyber breaches were thanks to a lack of employee awareness. Hackers were able to take advantage of employees’ lack of knowledge about how to recognize and respond to cyberthreats and successfully launch phishing attacks against them. Providing regular training on cybersecurity is key to arming employees against cyberthreats. It’s also important to think about what communication tools employees use. Text, fax, email and social media each have their drawback: text, email and social media can easily be hacked and you have no control over where the content you send goes while fax is slow and tedious. Email is also one of the main ways that hackers successfully gain access into systems.That’s why it’s so important to use a private, secure communication solution that ensures only authorized people can communicate with each other, eliminating the threat of outside senders.
Supply Chains Can Mean External Threats
With supply chains, it isn’t only your employees who can make you vulnerable. Contractors can bring threats or vulnerabilities, for example, if they connect to your environment with a compromised laptop or tablet. That’s why it’s key to have processes in place to make sure that their machines are secure, patched and that there are no vulnerabilities before they can access your environment.
With the right processes, training and tools in place it becomes significantly easier to protect your facility from a cyberattack. Our private, secure communication solution protects facilities from phishing attempts and helps you keep operations running smoothly if an incident occurs. We provide an alternative secure network so that you can communicate with staff, clients, board members and other groups even if your system is compromised. Learn more about how we can help you stay secure and protect your operations during an incident here.