Why Organizations Get Hacked and What’s Coming Next?
Earlier in 2018, U.S. power and natural gas suppliers were under attack and at least 7 energy companies and their third-party electronic communications systems were shut down because of hacking. Electronic sensors have been mounted on 900,000 oil and gas wells, and 300,000 mi of pipelines to monitor capabilities to track data and these automatic valves can be shut down automatically on a moment’s notice and all are hackable.
With technology advancement like Internet of Things (IOT), machine learning, automation, 3D & 4D seismic, drilling, Permanent Reservoir Monitoring (PRM) techniques etc. amount of data is also rapidly increasing online which increases potential security threats. Famous attack was on Saudi Aramco in 2012 which totally destroyed or wiped out contents of between 30,000 and 55,000 workstations within hours and production was locked down during the disk-wiping Shamoon incursion. According to Chris Kubecka, security consultant to Saudi Aramco, with this attack, 10% of the world’s supply was at risk and an attack of that size would have easily bankrupted a smaller corporation. Saudi Aramco was hit again in 2016 by same hackers.
Ukraine was hit with blackouts by state sponsored hackers in 2015 & 2016 which was blow to economy as well the health and safety of its citizens. In August 2017, a petrochemical company with a plant in Saudi Arabia was hit by a different kind of cyber-attack. It was not designed to simply destroy data or shut down the plant. Investigators believe it was meant to be sabotage the firm’s operations and trigger an explosion. The only think that prevented significant damage was a bug in attackers’ computer code that shut down the plant’s production system.
These breaches not only result in data loss but also in threat to human lives, corporate reputation, and financial losses. Juniper Research predicted that the cost of data breaches will increase to $2.1 trillion globally by 2019 and $8 trillion by 2022. Majority of these breaches will come from existing IT and network infrastructures while new threats targeting mobile devices and IoT (Internet of Things).
With rise of cyber-attacks, energy companies are spending less than 0.2% of their revenue on cyber-security which is at least a third less than financial institutions, according to Precision Analytics LLC. Energy companies should allocate adequate resources and budget to protect their infrastructures while leveraging from lessons learned from industry and be more resilient & protective from cyber-attacks.