Cyber security: 60 percent of oil and gas companies do not have an incident response plan in place
Date: Tue, 02/17/2015 - 13:25 Source: Fox-IT press department
Menno van der Marel, Director and Co-founder, Fox-IT
Image credited to Fox-IT
Companies in the oil and gas industry are aware that they need to take security measures against cyber threats such as hacktivism and Advanced Persistent Threats (APT’s), but the majority has not yet taken decisive action to guard themselves. For instance: 90 percent of the oil and gas companies confirm that it is vital to respond to a (cyber) security incident within hours. However, only 40 percent of the respondents currently have an Incident Response Plan in place in case disaster strikes. This is one of the most disturbing conclusions taken from an Oil & Gas survey about cyber security measures: ‘Is Your Company’s Cyber Security Actually Good Enough?’, commissioned by security expert Fox-IT.
One of the biggest concerns of companies in the oil and gas industry is hacktivism. When asked how confident companies are that their current defence mechanisms can adequately handle or detect hacktivism, 37 percent indicates they are ‘not confident’ and 45 percent is ‘somewhat confident’. Only 11 percent is fully confident that they can handle hacks appropriately. Another important result is that 49 percent of the oil and gas companies estimate the costs of recovering from a cyber-attack at somewhere between 500.000 and 1.000.000 Euro. Still, a staggering 23 percent indicates that they are not actively monitoring their network and that 19 percent have not segregated their Information Technology network (IT) from their Operational Technology network (OT). These are all necessary measures to aid in the prevention against cyber threats.
“The results of this survey are a cause for concern. One cannot help but wonder if stakeholders at oil and gas companies are aware of the urgency of the situation. It is essential that they address the need to seriously secure their Industrial Control System networks as soon as possible. If they don’t, an attack might become a disastrous reality. Looking at the last five years, it is a fact that critical infrastructures are a target for hackers and unwell willing nation states, who are trying to disrupt the critical infrastructures for financial gain, sabotage purposes, or worse,” said Ronald Prins, Director and Co-Founder at Fox- IT. “Cyber security incidents are a daily occurrence, confirming the importance that it is something you need to be prepared for. For starters monitoring your network with a reliable security operations platform is crucial. Followed by obstructing outside attacks on your IT and OT network with preventive measures like data diodes. Furthermore, having a good response plan in place – which includes having a trusted CERT investigator such as Fox-IT under speed dial – helps improve the quality of response and drives down the overall costs of IT.”
The survey was conducted by Oil & Gas IQ, an information based portal dedicated to providing the latest oil and gas intelligence. An impressive number of Oil & Gas IQ subscribers completed thesurvey online. All results can be found in an infographic regarding the Oil & Gas IQ study on cyber security measures.