Not only are cyber threats a real danger for oilfield companies, the rate and intensity are accelerating and whether a company is a large E&P company or a small vendor is not influencing hackers’ interest. Often working 24/7, as are the dedicated legions of Chinese military, they simply look for wherever they can find security ‘holes’ to exploit in company IT systems worldwide.
Unfortunately for the oil and gas industry, its companies have proven too appealing a target, with 40% of all cyber attacks globally directed at oilfield IT critical infrastructure. Yet, oil industry executives can be proactive in traditional and non-traditional ways.
Outwitting the hackers
A tested cybersecurity strategy stands on four legs. One is Prevention and Defense, usually provided by firewalls and anti-malware (which can only deal with known threats). Two is Monitoring, using network technologies to spot anomalies in the system. Three is Evaluation and Risk Assessment, to provide the road map for contingency planning and countermeasures. Fourth is Detection and Response, which initiates a specific response plan when an attack is detected.