Cyber-attacks could include DDoS attacks, phishing/spear-phishing emails, data theft, zero-day assaults and web application exploits
The Middle East’s oil & gas industry should remain vigilant against a rising tide of targeted and fast-changing threats by prioritising cyber-security, a leading cyber-security firm has advised.
“From our interaction with the market, we’ve seen that the Middle East is determined and prepared to set an example on a global scale when it comes to cyber-attacks in the oil and gas industry,” said Diego Arrabal, VP, Southern Europe and Middle East, F5 Networks, speaking ahead of ADIPEC 2014 conference in Abu Dhabi.
“However, while awareness-levels and technological capabilities to cope are at an all-time high, the region’s oil and gas industry needs to be extremely cautious about ever-evolving and increasingly complex risks.”
According to a recent global study by PwC, last year saw a 179% rise in the number of reported cyber-attacks on oil and gas companies, which soared above 6,500 cases.
Frost & Sullivan has also reported that cyber security uptake is expected to surge with the passing of national and international legislation and awareness-raising initiatives and that, ultimately, the issue would emerge as “the highest-priority area for oil and gas companies.”
“The oil and gas industry cyber-attack playbook could include anything from distributed denial of service (DDoS) attacks and phishing/spear-phishing emails to data theft, “zero-day” software assaults, web application exploits, and website defacement,” said Arrabal.
“Depending on the attack, the consequences may include embarrassing reputational hits, disruption of supply, millions of dollars in damage and lost business, or even health and safety incidents if critical equipment fails or is led astray by faulty data.”
Against this backdrop, defence tactics like hybrid approaches to DDoS attacks are set to gain increasing traction in the industry. These can provide the resilience and scale of cloud-based solutions with the granularity and always-on capabilities of on—premise solutions.
“Looking ahead, we need to do everything we can to raise industry knowledge of the complexity and nuances of the problems and ensure industry players, governments, as well as software and hardware vendors are all on the same page,” added Arrabal.
“The Middle East can and should play an important role here, sharing lessons learned, raising operational standards and illuminating new ways forward. The tools to defend are readily available, we just need to make sure they are applied correctly and in ways that do not compromise on industry performance or innovation.”