Energy is overtaking banking and finance as a target for cybercriminals in the Middle East, yet companies in the sector are leaving themselves significantly more open to a successful attack, leading international experts have told the Security in Energy conference in Abu Dhabi.
Colocated within the Abu Dhabi International Petroleum Exhibition and Conference (ADIPEC), Security in Energy recognizes the increasingly critical importance of information technology systems to oil and gas operations.
In an opening address to delegates, Ibrahim Al Shamrani, executive director of operations at Saudi Arabia’s National Cyber Security Center, said 300 new malware samples were being discovered each day and that his organization was facing a growing number of attacks on the energy industry.
“The energy sector is trending to be the second most targeted sector in the country in 2017, behind the government and ahead of the financial and telecommunications sectors,” Al Shamrani said. “However, attackers are three times more successful in compromising energy companies than they are in the financial sector. In this era, if oil and gas companies think they haven’t been attacked, or even compromised, I can tell them, you are not looking hard enough.”
Recent figures from McAfee estimate the global cost of cyber-related crime, or illicit activity, is between $375 billion and $550 billlion per year.
In a keynote address to the Security in Energy conference, Don Randall, former head of security and chief information security officer at the Bank of England, said he believed that figure was probably around $400 billion, and growing at between 10 and 20% per year.
“When we look at the types of issues that could affect the oil and gas or energy industries, the three principles are still hacking, phishing, and false identity,” Randall told the conference. “It doesn’t matter if you’re in the financial sector, in energy, utilities, the government, or anything else—the cyberattack will be the same, it’s just the consequences that are different.”