Wednesday, March 21, 2018

Protect your heels

The famous story of Achilles, the courageous and fast hero who was part of the Trojan War. Despite his courageous participation in this historic battle, the Trojan warrior has become famous for his weaknesses. His death, at the hands of Prince Paris with a poisoned arrow shot at the heel, it could have been easily avoided if he would have protected his best-known weakness.

As in Greek mythology, there are many companies, even entire sectors, that are not able to protect their heels. The increase in cyber attacks in the Middle East is a fact and, despite continuing to increase, they are often not detected early. Despite being so widespread, it seems that cybercriminals have found where to look, according to the study by Siemens and Ponemon Institute, more than 30% of the attacks are focused on operational technology (OT).

This report focuses on the oil and gas sector and surveys some 200 people in the Middle East who are responsible for monitoring the cybersecurity risk within their companies. Although investments in its security assets by companies have increased, it still takes a lot of effort to increase the workers’ risk awareness and the rate of technology implementation to ensure their operating environments.

Although it is true that until recently the attacks focused on IT environments such as workstations, the increase in digitization and the convergence between IT and OT is giving rise to a growing number of attacks directed at the OT environment.

 “The convergence of IT and OT has become a key opportunity for attackers to infiltrate an organization’s critical infrastructure, disrupting physical devices or operational processes,” said Leo Simonovich, Vice President and Global Head, Industrial Cyber at Siemens Energy. “We know that attacks are becoming more frequent and increasingly sophisticated, and firms quickly need to assign dedicated ownership of OT cyber, gain visibility into their assets, demand purpose-built solutions and partner with experts who have real domain expertise.”

Once analyzed the results obtained in the study we know that 60% of respondents consider the risk of attack to OT higher than IT, and in 75% of the cases the respondents experienced at least once an attack that meant the loss of confidential information or operational interruption in the OT environment in the last year.

These results show that there is an increase in awareness about the OT risks currently face, but this does not prevent investments in this type of security have increased. Currently, oil and gas companies in the Middle East devote only one-third of their total cybersecurity budget to securing the OT environment. This suggests that there is no alignment of investments with the place where companies are most vulnerable, emphasizing the need to address OT cybersecurity.

The operating environments, once detected as one of the Achilles heels of oil and gas companies in the Middle East, should be fully insured. The results of this study should show the urgent need for a change of mind by the managerial positions in this sector. In most of the cases the complicated thing is to detect where the problem is, but once detected, what are we expecting to take measures?


Post a Comment