Study finds Cybersecurity remains a challenge for oil and gas industry

AOG

Apr 12, 2017

A new study has found that the oil and gas industry is struggling to deal with cyberattacks.

Accenture’s High Performance Security 2016 Report found that a lack of enterprise-wide cyber analytics technology to monitor for cyberattacks meant that most oil and gas companies are not fully aware of when or even how cyberattacks might affect them.

A majority (74%) of the 186 oil and gas company leaders surveyed in Accenture’s High Performance Security 2016 Report said their organisation is confident that cybersecurity measures will yield valuable results. Indeed, more than three-quarters believe their top strategies are now able to protect their companies’ reputations, information and prevent service disruption.

However, this is at odds with 60% of energy leaders surveyed who said cybersecurity is a bit of a black box, as they don’t quite understand the timing or impact of cyberattacks. When asked about basic requirements to keep their company secure, energy leaders were less confident than their counterparts in other industries in their ability to measure the impact of breaches (40% compared to 47% for the cross-industry average) and to know their frequency (28% compared to 41%).

According to Accenture, oil and gas company leaders reported an average of 96 cyberattacks over 12 months, with one in three succeeding in a breach that was discovered only 62% of the time by firms’ security teams. Even then, detection took months for 51% of companies and weeks for 25%. The rest of the time, other employees and law enforcement officials most often discovered the breaches.

Jim Guinn, managing director who leads Accenture’s security practice for resources industries said oil and gas companies don’t have far to look to identify the sources of most cyberattacks. Company leaders said breaches are mostly from malicious company insiders (43%) or staff who accidentally published information (23%). Hackers accounted for 21% of attacks.

“Security does not end at the edge of the corporate network. It includes both operational technology and back office systems across the oil and gas value chain,” Mr Guinn said.

“Protecting core operations requires better investments in cyber defense including network analytics, cyber incident management programs that include both OT and IT networks, and ongoing testing to help identify any gaps. With a more comprehensive cybersecurity strategy that includes assets across the entire organisation, oil and gas companies can be better prepared when a cyber event occurs.”

Executives identified the top effective tools for responding to cyberattacks as internal cross-functional teams (41%), standard operating procedures (37%), established technologies (36%) and communications plans (34%).

Not surprisingly, with the rise of the Industrial Internet of Things (IIoT) and the convergence of operational technology and information technology, respondents cited the need to fill cybersecurity gaps in end point / network security as their most pressing concern (55%). They expressed low confidence (18%) in identifying high-value security assets and business processes needed for better protection, and only 24% were confident of their capabilities in cyberattack scenarios.

 

For media queries, contact:

Colin Hay and Alex Baker at PPR
T: +61 8 9388 0944
E: colin.hay@ppr.com.au and alex.baker@ppr.com.au