Oil and gas companies are prime targets of potentially business altering cyberattacks. Yet in 2015, researchers found that over 85% of gas, oil, and IT professionals surveyed were confident that they had the ability to identify and stop a potential cyber attack in under a week. This is at odds with a 2015 report on cybersecurity estimating that far too many companies don’t realize information has been compromised until months later. That’s a problem when you consider the role oil and gas utilities play supporting critical infrastructure and ensuring public safety.

There’s no doubt: Oil and gas companies need to clear up their misconceptions about cybersecurity to avoid the potentially widespread impact of a major cyber attack. National security depends on it.

Oil & Gas Companies Attractive To Cyber Criminals

Oil and gas companies operate in a highly competitive sector, with private enterprises and countries engaging in aggressive market share tactics, often with global implications. With their vulnerable legacy infrastructures and high-value intellectual property, oil and gas utilities are attractive targets for cyber espionage. This includes information about partners, drilling sites and organizational strategy—data that holds the key to competitive advantage.

Apart from competitors and organized hackers in attempts to disrupt business for financial gain, threats can also come from environmental and political hacktivists.

Understanding Risks Is Vital To Cybersecurity

To protect the network from cyber intrusions, organizations have to understand the potential risks to the company’s assets, as well as tactics and resources to mitigate them. Among the factors to consider are differences between threats to hardware infrastructure and threats to software, as well as potential sources of attack.

Although the process takes time and focus, the information gleaned from these analyses informs the development of a strong cybersecurity strategy, which should include:

• Multilayered network security platform that integrates technologies such as firewalls, monitoring systems, intrusion prevention programs and advanced sandbox solutions to detect breaches, analyze and record associated patterns, and protect data at the source.
• Authentication controls to limit information access to authorized users, only.
• Clearly communicated, consistently enforced security guidelines and protocols to minimize vulnerabilities linked to human error.
• Frequent, regularly scheduled security audits and policy updates to ensure all processes and systems are aligned with constantly changing threats.

Agile, Cohesive Cybersecurity Platform Optimizes Protection

In addition to these steps, oil and gas companies need to build a cybersecurity infrastructure that enables them to move swiftly and effectively in response to threats with the right sets of tools and resources. The ability to continually monitor infrastructure, and prioritize threats and defensive actions, requires agility, visibility and a strategy to target technology and people to where they’re needed most.

That’s why at Resilient Intelligent Networks, we recommend the approach to cybersecurity developed by our partner, Fortinet. Called the security fabric, it’s an architecture based on open APIs that enables multiple security technologies to automatically share actionable threat information and be managed as a cohesive whole.

Beyond the architecture itself, Fortinet also provides a full gamut of independently-validated, best-in-class security technologies including next-generation and internal segmentation firewalls and an advanced threat protection framework designed to adapt to changing threats.

Contact us to learn how ResilientIQ can help your utility successfully address the cybersecurity challenges facing the oil and gas sector today.