Cyber Attack Resilience in Oil and Gas
The electronics sector is no stranger to cyber attacks. For many American families and businesses, the most disruptive event in recent history occurred in May 2021 with a ransom attack that shut down the Colonial Pipeline, the largest US oil and gas pipeline that supplies nearly half of the East Coast’s oil.
With the number of connected industrial devices expected to reach 37 billion by 2025, digital technology is rapidly transforming the oil and gas industry from a manufacturing business driven by analogue equipment to an automated, remote and intelligent (AI) industry that drives risk. -options based on internet speed. This digital speed comes at a price, however; As oil and gas companies shift operations to digital, they simultaneously expose their companies to cyber risk.
Cybercriminals see the energy industry as a target for cyber attacks for financial, criminal or political purposes. A recent study from IBM shows, the number of threats against devices connected to technology increased 20 times from 2018 to 2019. Another study from IBM Security and the Ponemon Institute shows that the average cost of a data breach has increased by more than 13% since then. 2019, up to $6.39 million – a price higher than the international average of $3.86 million.
To prepare for the ever-changing and increasingly complex nature of energy and infrastructure, energy sector CEOs and corporate board members must follow best practices and key lessons learned from decades of successful – and learning from – risk management failures. of cyber.
The World Economic Forum (WEF) sets out the principles of current best practice in a practical book entitled Cyber Resilience in the Oil and Gas Industry: A Playbook for Boards and Corporate Officers. Oil and gas industry leaders seeking to address cyber threats will gain guidance on how to apply key principles to their organizations and how to adapt security strategies throughout this valuable and dynamic environment.
WEF’s six bold principles for oil and gas infrastructure are based on the real-world experiences of leading oil and gas companies, including:
- Governance of cyber resilience – Cybersecurity efforts depend on greater participation within the organization. Efforts to coordinate and establish clear accountability are critical to success.
- Resilience by design – Integrating cybersecurity as part of design and part of corporate culture helps improve outcomes.
- Corporate responsibility for resiliency – Recognizing that technical, frequent threats may persist or increase, organizations must assess their cyber risk, and take responsibility for managing those risks.
- A holistic risk management approach – Like any other risk, managing a cyber attack requires responsibility, funding, resources and accountability. In the oil and gas sector, it is very important to find and reduce the risk of all the precious parts, so that one weak link does not stop the production.
- Global integration – Weak links in security can be outside the organization. A deliberate effort to share information about cyber threats, use best practices and improve cyber security maturity across the sector will contribute to the sustainability of the industry.
- Ecosystem-wide cyber resilience plans – Recognizing that cyber attacks will continue to occur, organizations must develop robust plans to mitigate the damage to those who are successful or less successful. Cybersecurity practices help defenders measure and improve security – including how to work with business partners.
Oil and gas sector leaders will need to strengthen the cyber capabilities of their organizations and relationships to continue to provide reliable, timely oil supplies to their customers in a future filled with cyber threats.
For more information on how to protect your business from cyber attacks, check out the many cyber security topics on our blog or contact INSURICA today.