Successful Cyber-Attacks Up 77% in the Past 12 Months

The energy industry has embraced the benefits brought about by increasing interconnection and digitisation with open arms. However, although this has created a wave of opportunities to improve operational efficiency, it has also multiplied the cyber risks to a sector that was already a prominent target for cyber-criminals.

The critical role that the energy sector plays in the functioning of a modern economy makes it a highly attractive target for cybercriminals, state-sanctioned cyber-attacks, terrorists, hacktivists, and others looking to make a statement. An attack on an operating system could cause infrastructure to shut down, triggering economic or financial disruptions or even loss of life and massive environmental damage, for example.

And the threat is increasing. A recent survey of more than 150 US-based IT professionals in the energy, utilities, and oil and gas industries found that 77% of respondents reported a rise in successful cyber-attacks in the past 12 months, and 60% said the rate of successful attacks had increased by over 20% in the last month alone.

As a result, it is estimated that by 2018 oil and gas companies globally could face costs of up to US$1.87 billion in cyber security spending in an effort to protect themselves against cyber risks. However, while the energy industry is aware of the risks, companies are still unclear as to how best to protect themselves.

A large part of the solution to this lies in increasing collaboration among stakeholders to improve information and, where possible, data sharing. However, at present, many energy companies are reluctant to share information on cyber-attacks for fear of loss of intellectual property and/or reputational damage.

Governments around the world are working hard to accommodate this by developing mechanisms that enable companies to share information on cyber threats without revealing corporate vulnerabilities, intellectual property, customer information, or exposing a company to lawsuits and governmental or regulatory investigations.

Steps to mitigate the risk

In the meantime, there are proactive steps that companies can take to mitigate the risk to their business. In the face of this growing threat, companies should:

• Counter threats from within the organisation: This can include background checks of staff and contractors or additional training.
• Identify vulnerabilities: Ensure antivirus software is in place and up-to-date, remove obsolete and unsupported software, and control use of removable media such as USB drives.
• Establish a contingency plan: Back-up procedures can reduce the risk of costly denial-of- service disruptions. And don’t forget: Business continuity and disaster recovery plans need to be tested regularly.
• Carefully consider risk transfer solutions: This could include looking at insurance coverage for such risks.

Assessing your organisation’s cybersecurity in this way can help make you risk ready and keep the business running.