Ukraine power grid attacks help energy, oil and gas companies realize how vulnerable they really are

Jan 14, 2016 22:12 GMT

Companies from the oil and gas industry are reporting that, during the past year, they saw more cyberattacks than before, with over 82% having reported incidents in the last twelve months.

Over 150 IT professionals in the energy, utilities, and oil and gas industries responded to a study by security vendor Tripwire, painting a grim picture of the energy sector, which recently saw successful malware attacks against multiple power grid stations in Ukraine that led to prolonged power outages around Christmas time.

Of the 82% of companies that reported a cyberattack in the last year, more than half (53%) say attacks increased by between 50% and 100%, while 21% report an increase of between 20% and 50%. Only 13% of respondents say they saw an increase of between 10% and 20%, and 11% of companies report an increase of less than 10% compared to last year.

Worse is the fact that 69% of the IT professionals in charge of security measures for these companies also say they aren't properly prepared to detect a cyberattack if one does happen.

Oil and gas companies aren't up to par when it comes to security measures

The good part is that, due to the way most systems implemented in oil and gas companies work, the IT (Information Technology) and the OT (Operational Technology) networks are in most cases separated from one another, and a cyberattack on the IT network would rarely reach ICS/SCADA systems.

Unfortunately, oil and gas companies have not yet understood that IT and OT roles are different, still perceiving the two as one single entity.

The Tripwire survey reveals that, in 72% of the surveyed companies, a single executive has security responsibilities for both the IT and OT systems, and only in 19% of enterprises is this role split into two separate jobs.

Furthermore, in 8% of companies, the information security role is held by a single individual who is not an executive and has no real say in the company's day-to-day operations.

With incidents like the one in Ukraine, companies in the energy field got a wake-up call and will have to adapt to their new position as pawns on the chessboard of a country's cyberwars.

Oil and Gas Respondents: Is there a single individual responsible for securing both IT and OT environments?