Oil and gas industry is more open to the risk of cyber-threats in the Middle East, said the experts during ADIPEC 2017, noting that security in IT systems being critically important for oil and gas operations
In an opening address to delegates, Ibrahim Al Shamrani, executive director of operations at Saudi Arabia’s National Cyber Security Centre, said that around 300 new malware samples were being discovered each day. He also mentioned that his organisation was facing a growing number of attacks on the energy industry.
“The energy sector is trending to be the second most targeted sector in the country in 2017, behind the government and ahead of the financial and telecommunications sectors,” Al Shamrani said.
“However, attackers are three times more successful in compromising energy companies than they are in the financial sector. In this era, if oil and gas companies think they haven’t been attacked, or even compromised, I can tell them, you are not looking hard enough,” he added.
Recent figures from McAfee have estimated that the global cost of cyber-related crime or illicit activity is between US$375bn and US$550bn per year.
Don Randall, former head of security and chief information security officer at the Bank of England, said that that figure was probably around US$400 billion, and growing at between 10 and 20 per cent per year.
“When we look at the types of issues that could affect the oil and gas or energy industries, the three principles are still hacking, phishing and false identity,” Randall explained.
“It doesn’t matter if you’re in the financial sector, in energy, utilities, the government, or anything else, the cyberattack will be the same, it’s just the consequences that are different.”
In the Bank of England role, Randall helped develop new security protocols, including the creation of a specific Information Security Division.
That model is now widespread in banking, completely separating the department that runs the IT infrastructure, from the team responsible for recognising and responding to threats.
