Changing Human Behavior Key to Thwarting Cybersecurity Attacks
Despite increased spending on technology to stave off cyberattacks, companies are getting compromised more and taking bigger hits.
The revenue of cybersecurity companies traded on the public market grew an annual average of 20 percent last year, said Rohyt Belani, co-founder and CEO of PhishMe, during a keynote presentation at the API Cybersecurity Conference Wednesday in Houston. But a PwC report found that the number of reported cybersecurity incidents rose by 48 percent this year, and the number of companies reporting cyber-related financial hits of over $20 million grew by 92 percent.
“We love silver bullets in cybersecurity,” said Belani.
However, companies using this approach will likely fall flat on their face. Just like living a healthy lifestyle is no guarantee against a person getting cancer, cybersecurity is about mitigating risk and rapidly responding to events. But cybersecurity preparedness provides no guarantee that an incident won’t occur.
“Often what I find is that people equate compliance with security,” said Belani, but compliance isn’t enough. Instead, a threat-based approach is needed.
The oil and gas industry loves shiny new balls, such as Big Data, Internet of Things, Hadoop clusters and analytic tools to address cyberattacks. But with 91 percent of cyberattacks starting with spear phishing, the industry still hasn’t gotten the basics down, said Belani.
Current cyberattack detection methods are failing. According to Belani, 31 percent of compromises are detected internally, while 69 percent of cyberattack victims are notified of the breach by an external entity. Citing the 2010 case of Times Square T-shirt vendors who notified police of a suspicious car parked nearby – turns out the car had explosives – Belani said oil and gas companies don’t need technical ninjas, but just for people to be conceptually aware of things that look out of place.
Instead, oil and gas companies need to study how to change behavior. And while compliance requirements are critical, companies need to create a work culture that makes it okay to come forward when mistakes are made, Belani said.
“Will we finally succeed at getting people not to be stupid?” Belani asked.
However, he does see hope.
“If we can train fighter pilots to land on aircraft carriers in the middle of the sea at night, we can teach workers to report suspicious things in rapid form.”
Despite the oil price downturn, cybersecurity still seems to be an area of focus for oil and gas companies, said Bill Stewart, who heads up Booz Allen Hamilton’s commercial cybersecurity business, in an interview with Rigzone.
The number of cyberattacks against oil and gas companies grew this year, and will likely keep growing in the near-term, Stewart said. The primary motivation behind cyberattacks today is to gain an economic advantage – such as stealing information on another company’s merger and acquisition plans, business strategies and hydraulic fracturing techniques and drilling plans. Nation-states appear to be behind attacks motivated by economic advantage, while actors such as the Iranians are more interested in destroying SCADA or IT systems via malware. Malicious actors are using Dark Web to exchange information, selling information they’ve captured but can’t use. Competition will likely continue increasing as Saudi Arabia continues dumping oil on the global market.
The good guys need to find ways to get more out of internet technology.
“Unfortunately, adversaries have a huge advantage in that they only need to find one way in. With new attacks occurring every day, the oil and gas industry faces the challenge of finding ways to quickly respond to new malware and new attack vectors,” Stewart said.
While the defensive systems used by oil and gas companies are getting better, many of these systems rely on pattern recognition, which cyberattackers are able to infiltrate. To cope, oil and gas companies are exploring the use of Big Data to look or and prevent attacks. Many large institutions are creating cyber-fusion centers, which monitor for physical security, cybersecurity and fraud, said Stewart.
At the macroeconomic level, the regulatory mandates addressing cybersecurity in oil and gas aren’t in place due to the government stalemate on the issue, said Stewart. While the U.S. government arguably has the best cyberdefense capability in the world, this capability is not applied in large measure to support commercial industry.
WHAT DO YOU THINK?
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.
- Shell CEO Says World 'Desperately In Need' Of Natural Gas
- Fate Of $8Bn Alaska Oil Project To Be Resolved In Next 30 Days
- Gov't Tampering Puts Australian Gas Market In Unenviable Position
- Texas Power Outages Increase As Ice Storm Persists
- Oil And Gas Firms Need To Accelerate Shift To Low Carbon Energy
- Shell's Record Earnings Draw Angry Reactions
- Lukoil Hits 50 Million Tons Of Hydrocarbon Production In Caspian Sea
- TotalEnergies, Air Liquide To Make Heavy-Duty Hydrogen Stations
- Capricorn Reshapes Its Board of Directors
- NSTA's Energy Pathfinder Proving Its Worth
- What Bad Habits Should Oil and Gas Jobseekers Avoid?
- New SPR Bill Passes House
- Biden To Support ConocoPhillips Alaska Oil Project, Defying Greens
- USA Drops 3 Gulf of Mexico Rigs
- USA Oil and Gas Employs Almost 1 Million in 2022
- Shell Makes Host of Company Changes
- Energy Services Sector Will Grow To $1 trillion In 2025
- Libya Sees More Deals After Eni's $8B Gas Investment
- New Discoveries Make 2022 Highest Value Year In Over A Decade
- $1 Trillion Green Investment Matches Fossil Fuels For First Time
- Valaris Employee Reported Missing from Rig
- Louisiana, Texas To Gain Thousands of Energy Jobs At Start of 2023
- Gasoline and Diesel Prices Expected to Fall
- Is the USA Shale Boom Over?
- Higher Oil Prices Have Not Led to More Exploration
- Shell Finds Gas In Pensacola High-Impact Well Off UK
- Iran Oil Gushes Into Global Market
- Will Oil Hit $100 Per Barrel in 2023?
- Eni, Chevron Make Significant Gas Discovery Off Egypt
- What Bad Habits Should Oil and Gas Jobseekers Avoid?