How to contend with COVID-19-driven demand destruction has captured much of the oil and gas industry’s attention in recent months.
Another formidable threat, which has risen markedly since last year, deserves much vigilance from many industry players. That is the message James Bright, senior underwriter with London-based Brit Insurance, recently conveyed to Rigzone. Bright's firm covers potential physical and financial impacts of cyber-attacks for oil and gas firms.
“Hacks to oil and gas control systems can result in unauthorized amendments to software and the processes they are controlling with potentially devastating consequences,” Bright said. “While there have been some public reports of the impact that a cyber-attack can have on the physical processes in a plant or offshore rig, awareness is still limited – meaning many businesses still have exposures not adequately dealt with by their insurance policies.”
As Bright told Rigzone, cyber-criminals are exploiting many oil and gas industry players’ distraction amid COVID-19. Read on to learn more about what firms can do to better protect themselves.
Rigzone: How has COVID-19 influenced the number and severity of cyber-attacks?
James Bright: Since the global proliferation of COVID-19 from February onwards, the number of cyber-attacks has risen by over a third year-on-year. This increase in malicious cyber-attacks has primarily had an impact on organizations on the frontline of the global response, including the World Health Organization (WHO), healthcare services and charities addressing the pandemic. It’s not only companies that have been targeted, with a huge uptick reported in the number of scams and phishing schemes taking advantage of individuals’ fear and confusion around the virus.
Rigzone: How has this affected the oil and gas industry?
Bright: With the downturn in oil and gas prices, many bad actors recognize that the industry’s attention and priorities are elsewhere and will look to exploit this distraction. If a cyber-attack was launched on an oil and gas business in the current environment, many companies simply wouldn’t have the ability to provide an effective response.
Additionally, with the movement of people heavily restricted, executing existing response plans and establishing crisis teams to work on the ground to restore critical systems and services would no longer be possible.
Rigzone: How might an oil and gas company sustain a cyber-attack?
Bright: The industry is ever more dependent on technology to gain efficiencies and automate processes and systems. Hacks to these control systems can result in unauthorized manipulation of software and the processes they are controlling.
The most common modes of cyber-attack facing oil and gas companies are via malware, ransomware and phishing. These attacks are often performed with social engineering campaigns leveraging malicious emails that force victims to install malware that steals financial data, personal information and can act as a back door into the systems of a company.
This type of attack by bad actors could also extend to disabling national electricity grids, starting electrical fires, disabling safeguards and warning systems, causing explosions and loss of life on oil rigs. Such events could result in a whole range of losses, including capital asset damage, long-lasting business interruption and loss of earnings.
Rigzone: Oil and gas companies are grappling with two major challenges: a sharp downturn and COVID-19. Given these extraordinary circumstances, are they inevitably more vulnerable to cyber-attacks?
No comments:
Post a Comment