There has been a hike in cyber attacks against oil and gas organizations over the past 12 months, a new report said.
In the report, 82 percent of oil and gas industry respondents said their organizations registered an increase in successful cyber attacks over the past 12 months, said the study sponsored by Tripwire and conducted by Dimensional Research in November.
On top of that, 53 percent of respondents said the rate of cyber attacks has increased between 50 and 100 percent over the past month.
Tripwire’s study showed 21 percent of the respondents have seen an increase of between 20 and 50 percent in successful attacks, 13 percent registered an increase of between 10 and 20 percent, while 11 percent saw an increase of less than 10 percent. Two percent of the respondents pointed at the number of cyber-attacks being more than double in the past month.
The report also found 69 percent of respondents said they were “not confident” in their organizations’ ability to detect all cyber attacks. Focused on the cyber security challenges faced by organizations in the energy sector, the study received responses from over 150 IT professionals in the energy, utilities, and oil and gas industries.
According to the survey, 72 percent of respondents said one executive is responsible for securing both IT and OT environments.
The energy sector has seen a large number of cyber-attacks over the past years, and the Department of Homeland Security said it is the most attacked industry. Additionally, the sector also felt the sting of state-sponsored cyber espionage campaigns, including Energetic Bear.
However, although cyber threats targeting the electric grid gain attention, the oil and gas industry has not received the same level of scrutiny, Tripwire said.
“There are more than 2.3 million miles of pipeline in the United States, meant to connect to a variety of businesses, including refineries and airports,” Tim Erlin, director, security and IT risk strategist at Tripwire, said in a blog post. “Moreover, with a vast industry of supporting organizations around oil and gas production and distribution, the industry deserves as much attention when it comes to cyber security as the electric grid.”
The industry should focus on reducing the number of attacks by eliminating threat actors and by reducing the overall attack surface, Erlin said.
“It’s unrealistic to believe that 100 percent of the threats can be eliminated, so there’s always a need for accurate detection of successful attacks,” Erlin said. “There are also ways in which an ICS-centric environment is actually more defensible than corporate IT. Oil and gas companies should look at how they can detect anomalous activity or unauthorized changes in their control environments in order to improve this metric.”
Click here to view the survey.