Cybersecurity Preparedness Doesn’t Measure Up

March 16, 2015
According to a recent survey, 60 percent of oil and gas companies do not have an incident response plan in place, despite the growing awareness of cybersecurity concerns.

Cybersecurity has unquestionably been getting attention lately, and companies in all walks of life seem to be at least more aware of the issues before them. But actually taking the steps necessary to guard against threats may be a different story.

According to a study conducted by Oil & Gas IQ and commissioned by security provider Fox-IT, although 90 percent of the oil and gas companies surveyed agree that it is vital to respond to a security incident within hours, only 40 percent have an incident response plan in place.

In fact, an alarming number of companies seem to be taking the steps necessary to protect their assets from attack. As another case in point, hacktivism (the use of network attacks to support a political agenda) has become one of the biggest concerns of oil and gas companies. And yet only 11 percent of those responding to the survey are fully confident that they can handle the hacks appropriately. Meanwhile, 37 percent indicate that they are “not confident.”

Almost a quarter of the respondents (23 percent) are not even actively monitoring their networks. And 19 percent have not segregated their information technology (IT) network from their operational technology (OT) network. This, despite the fact that almost half of the oil and gas companies estimate the costs of recovering from a cyber attack at somewhere between €500,000 and €1 million ($529,105 to $1.06 million). Nearly 20 percent put that figure at more than €10 million ($10.58 million).

“The results of this survey are a cause for concern. One cannot help but wonder if stakeholders at oil and gas companies are aware of the urgency of the situation,” says Ronald Prins, director and co-founder at Fox-IT. “It is essential that they address the need to seriously secure their industrial control system networks as soon as possible. If they don’t, an attack might become a disastrous reality.”

Activities over the past five years have shown that critical infrastructures are a target for cyber attacks, Prins adds. “Cybersecurity incidents are a daily occurrence, confirming the importance that it is something you need to be prepared for—for starters, monitoring your network with a reliable security operations platform is crucial, followed by obstructing outside attacks on your IT and OT network with preventive measures like data diodes.”

Sponsored Recommendations

Understanding and Using E-Stops

E-stops, or emergency stop switches, are used to ensure machine as well as personnel safety. They are used to provide a consistent and predictable failsafe response on a wide ...

Demystifying motor disconnect switches: What are they and how are they used?

From conveyor belts to drum mixers, motors are used in virtually every industrial application to drive machinery. Equipment downtime is the main motivation behind monitoring and...

Full Line of DIN Rail Terminal Blocks Video

Altech offers an extensive line of DIN Rail Terminal Blocks including all major Connection Technologies available in the industry to meet requirements for a vast variety of applications...

The Value of Integrating DIN Rail Cylindrical Fuse Holders Into Your Designs

What short circuit currents do I have to consider when purchasing a DIN rail cylindrical fuse holder? That data is available from the manufacturer. For example, Altech cylindrical...