In a recent webinar, Rivero warned that although the oil and gas sector has done a fairly good job of protecting itself from cyber threats, it is increasingly exposed to potential attacks. Having a cybersecurity strategy, he stressed, is essential.
Internal systems and strategies for controlling privileged access are critical, Rivero said, citing data gathered by Dragos, a cybersecurity company, that states 77% of the 438 vulnerabilities it assessed in 2019 were considered “deep within” a control systems network. This means the potential danger came from inside the company.
According to Rivero, there are simple ways to decrease the likelihood of this type of incident, such as changing passwords regularly and monitoring the employment status of workers with access to critical systems and processes. Making these types of changes is easy, he said, but noted a more sophisticated approach is needed to manage external threats.
In the face of greater vulnerability to industrial espionage, theft of data and attacks on critical infrastructure, owners and operators need to find a smarter, better and more secure way to protect upstream assets and eliminate business disruption.
Even a company that has never experienced a cybersecurity incident should understand what it takes to recover system architecture if security is compromised and have a strategy in place for recovery, Rivero explained.
The recording of Rivero’s discussion and presentation, entitled Implementing a cybersecurity strategy in the oil & gas business, is available on-demand. The following topics are covered at length:
- Why cybersecurity is fundamental to minimising threats from inside a company
- How to understand the elements that comprise a cybersecurity system
- Why every company needs a cybersecurity program for improved business continuity
- The value of Rajant’s BreadCrumb secure, fully ICS-compliant cybersecurity solution