Often when we hear buzzwords like botnet, malware and spear phishing (among many, many others), we tend to associate them with certain industries — retail, health care, banking. However, in a world driven by the constant effects of newer and better technology, all industries are being affected. Specifically, the oil and gas industry has seen an increase in cyberattacks.

The question is: How can organizations in the oil and gas industry protect themselves and prepare for the realities of their digital future? The most important thing they can do is learn the importance of being secure and the negative impact an attack can have on their companies.

According to a recent study, ABI Research predicted that oil and gas companies will spend $1.87 billion on cybersecurity by 2018. Thus, it is important that petroleum companies educate themselves on advanced threats and act now to prevent cyberattacks.

The Threat of Cyberattacks

One of the greatest dangers petroleum companies face is a breach of their sensitive information, which could result in a company shutting down, depending on how the exfiltrated information is used and/or distributed. Or what if a cybercriminal gained access to the control panel that operates the wells? Essentially, any cyberattack on a petroleum company will have a ripple effect throughout the industry, from the large companies down to your small, mom-and-pop water-hauling services.

The Ponemon Institute recently conducted a report sponsored by Siemens to “understand how companies in the oil and gas industry are addressing cybersecurity risks in the operational technology (OT) environment.” The study found that an average of 46 percent of all cyberattacks in the OT environment go undetected. Given that number, it’s only a matter of time before a devastating attack creates major turmoil in the industry.

Cybersecurity’s Future Lies in Cognitive

Imagine being able to get real-time information about SCADA data with the push of a button. With projects like Havyn powered by Watson in the works, the world of security is changing for all industries. Havyn is a voice-enabled virtual assistant who can gather information on security threats in seconds with a simple voice command. With its cognitive abilities and the rapid changes happening every day, the energy industry could use Havyn to monitor their security with ease. To find out more about Project Havyn, watch this video:

What’s the takeaway here? A wait-and-see approach to cybersecurity is not an appropriate course of action. You cannot just hope for the best and remediate attacks after the fact. Instead, the oil and gas industry needs to learn and implement strong security measures. Cyberattacks are happening more and more every day, so it is essential that the oil and gas industry works to maintain the security of their systems.

Read the complete report: Security attacks on industrial control systems

More from Energy & Utility

Today’s biggest threats against the energy grid

2 min read - Without the U.S. energy grid, life as we know it simply grinds to a halt. Businesses can’t serve customers. Homes don’t have power. Traffic lights no longer work. We depend on the grid operating reliably each and every day for business and personal tasks. That makes it even more crucial to defend our energy grid from modern threats. Physical threats to the energy grid Since day one, the grid has been vulnerable from a physical perspective. Storms knocking the grid…

2022 industry threat recap: Energy

3 min read - In 2022, 10.7% of observed cyberattacks targeted the energy industry, according to the X-Force Threat Intelligence Index 2023. This puts energy in fourth place overall — the same as the year prior and behind manufacturing, finance and insurance and professional and business services. The report notes that this reduction in total cyberattacks may be partly tied to pushback from highly public breaches in 2021, such as the Colonial Pipeline attack. Despite the overall drop in threats, however, the industry remains…

X-Force 2022 insights: An expanding OT threat landscape

9 min read - This post was written with contributions from Dave McMillen. So far 2022 has seen international cyber security agencies issuing multiple alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, the discovery of two new OT-specific pieces of malware, Industroyer2 and InController/PipeDream, and the disclosure of many operational technology (OT) vulnerabilities. The OT cyber threat landscape is expanding dramatically and OT asset owners and operators, all of whom understand the need to keep critical infrastructures running safely, need to be aware…

One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem

3 min read - The Colonial Pipeline cyberattack is still causing ripples. Some of these federal mandates may mark major changes for operational technology (OT) cybersecurity. The privately held Colonial Pipeline company, which provides nearly half of the fuel used by the East Coast — gasoline, heating oil, jet fuel and fuel for the military totaling around 100 million gallons a day — was hit by a double-extortion ransomware attack by a DarkSide group in May of 2021.  In reaction, the company shut down…