Home

Cybersecurity Preparedness Doesn’t Measure Up

March 16, 2015

According to a recent survey, 60 percent of oil and gas companies do not have an incident response plan in place, despite the growing awareness of cybersecurity concerns.

Aaron Hand

Cybersecurity has unquestionably been getting attention lately, and companies in all walks of life seem to be at least more aware of the issues before them. But actually taking the steps necessary to guard against threats may be a different story.

According to a study conducted by Oil & Gas IQ and commissioned by security provider Fox-IT, although 90 percent of the oil and gas companies surveyed agree that it is vital to respond to a security incident within hours, only 40 percent have an incident response plan in place.

In fact, an alarming number of companies seem to be taking the steps necessary to protect their assets from attack. As another case in point, hacktivism (the use of network attacks to support a political agenda) has become one of the biggest concerns of oil and gas companies. And yet only 11 percent of those responding to the survey are fully confident that they can handle the hacks appropriately. Meanwhile, 37 percent indicate that they are “not confident.”

Almost a quarter of the respondents (23 percent) are not even actively monitoring their networks. And 19 percent have not segregated their information technology (IT) network from their operational technology (OT) network. This, despite the fact that almost half of the oil and gas companies estimate the costs of recovering from a cyber attack at somewhere between €500,000 and €1 million ($529,105 to $1.06 million). Nearly 20 percent put that figure at more than €10 million ($10.58 million).

“The results of this survey are a cause for concern. One cannot help but wonder if stakeholders at oil and gas companies are aware of the urgency of the situation,” says Ronald Prins, director and co-founder at Fox-IT. “It is essential that they address the need to seriously secure their industrial control system networks as soon as possible. If they don’t, an attack might become a disastrous reality.”

Activities over the past five years have shown that critical infrastructures are a target for cyber attacks, Prins adds. “Cybersecurity incidents are a daily occurrence, confirming the importance that it is something you need to be prepared for—for starters, monitoring your network with a reliable security operations platform is crucial, followed by obstructing outside attacks on your IT and OT network with preventive measures like data diodes.”

About the Author

Aaron Hand | Editor-in-Chief, ProFood World

Aaron Hand has three decades of experience in B-to-B publishing with a particular focus on technology. He has been with PMMI Media Group since 2013, much of that time as Executive Editor for Automation World, where he focused on continuous process industries. Prior to joining ProFood World full time in late 2020, Aaron worked as Editor at Large for PMMI Media Group, reporting for all publications on a wide variety of industry developments, including advancements in packaging for consumer products and pharmaceuticals, food and beverage processing, and industrial automation. He took over as Editor-in-Chief of ProFood World in 2021. Aaron holds a B.A. in Journalism from Indiana University and an M.S. in Journalism from the University of Illinois.