In the proactive pursuit of efficiency, we have created a fully digitized world. And nowhere are the potential vulnerabilities of this approach more apparent than in the Middle East and North Africa (MENA) energy sector where robots, remotely controlled circuits, programmable logic controllers and IoT devices dominate the landscape.
Now we find ourselves at the mercy of the reliability, resilience and robustness of machinery controlled by layers of people, processes and technology.
Let’s face it: computers fail for various reasons, and systems can be compromised. You can, for example, spill your morning coffee on your laptop (a personal tragedy) or your entire theater of operations can be irrevocably disrupted in a massive, coordinated cyber attack carried out by international cybercriminals.
There is an unfortunate juxtaposition between advancements in technology and the methods with which this technology can be undermined. It’s all fun and games if someone wants to hack into your laptop to look at your holiday pictures or open your CD tray — when we had those. It’s not as amusing when the targets of such cyber attacks are major industries whose disruption — or the mere threat thereof — can deliver shockwaves of crises across economies, sending entire nations and populations into turmoil and panic.
One such industry is Oil and Gas in the MENA region, which, over the past several decades, has been an oversized motor of growth in many economies largely reliant on energy exports. So, let’s see how the matter stands.
Cyber Attacks are Rampant in the Oil and Gas Sector
In its Internet Security Threat Report, Symantec paints a dim picture: over the past eight years, more than 7.1 billion identities have been exposed via 3,943 data breaches worldwide. The New York Times writes about a cyber attack on a chemical plant in Saudi Arabia that did not only seek to disrupt operations or steal data, “but also to sabotage the firm’s operations and trigger an explosion.”
Also, in a report on cybersecurity, Siemens and the Ponemon Institute warn that the Oil and Gas sector in the Middle East needs a considerable boost in readiness to address this threat. The report points out that three in four companies in the Middle East’s Oil and Gas sector have suffered at least one security compromise in the last 12 months, and that the industry was the target of as much as one-half of all cyber attacks carried out in the in the same period.
In addition, Foreign Policy reports a severe cyber attack at Saudi Aramco in August 2017 during the course of which malicious cybercriminals sought to reprogram SIS controllers to shut down production. Keeping in mind that Saudi Aramco, the world’s largest oil company, produces 12.5 oil barrels per day, and generates annual net profits in the area of $34bn. It is simply arithmetic at this point. Disrupting operations at Saudi Aramco is liable to send the world’s economy into a tailspin with severe consequences for world markets.
The situation is grave and compounded by the fact that Middle Eastern producers are looking to increase their spending to maintain their production targets, according to Oil and Gas Middle East. Saudi Aramco is reportedly planning to spend $334bn across the oil and gas chain, while Kuwait is expected to spend $115bn on energy projects in the next five years. What this means, in layman’s terms, is that this sector is on the cusp of further expansion that is yet to be matched with cybersecurity spending, according to the Siemens report. So now what?
Investing More in Cybersecurity is an Easy, Yet Complicated Answer
The rational answer to the challenges above seems easy: an investment in cybersecurity. This, however, is easier said than done. Determining which vulnerabilities are more urgent, and indeed, detecting vulnerabilities that might lead to a nightmare scenario in the first place, is a tall order requiring an overhaul of network infrastructure, operating systems, information systems, inter-organizational data security policies, and the general attitude toward all of the above within an organization. After all, there is no way to tell which threats, internal or external, are being honed until disaster is around the corner.
Advanced Authentication: A Proactive Approach
Crossmatch, part of HID Global, offers DigitalPersona, an advanced multifactor authentication platform. It utilizes a composite, human-proof authentication approach to securing systems and networks, providing high-level assurance in a manner that supersedes what is available even through the most complex and stringent multifactor authentication methods. The award-winning solution covers all applications, use cases, and platforms to close every possible gap in cloud, legacy, network and mobile applications.
What this means is that the Oil and Gas industry in the Middle East, and indeed, everywhere, doesn’t need to sit idly by while bad actors refine cyber schemes and develop malicious software. Instead, organizations can be proactive in their pursuit of security by attending to and eliminating vulnerabilities as they surface.
It may sound too good to be true, but you don’t have to trust a few words in a blog post. Click here to see for yourself.
Yara is a Crossmatch Regional Marketing Manager for the Middle East and North Africa. With a solid IT background, she brings more than 10 years of experience in Marketing, PR and trade show management, supporting strong acumen for understanding what drives businesses on both strategic and operational levels.