07 Oct Cohesity: How the Middle East oil and gas companies can secure their OT data
Data security is a subject that ultimately relies on solid processes, management and being able to react and protect against potential risks and threats. Cyber threats are becoming ever more sophisticated, and for high profile companies or ones with high net worth they can become easy targets. Gas and oil companies are particularly susceptible as targets, due to their high net worth.
Security Middle East has spoken with Brian Spanswick, Chief Information Security Officer (CISO) and Head of IT at Cohesity for his view on how oil and gas companies in the Middle East can secure their OT data…
GCC nations may have embarked upon programs of economic diversification designed to dilute their reliance on petrochemicals, but oil and gas industries in the region are a long way from twilight, or even dusk. Oil production continues to hover at around one sixth of GDP in the United Arab Emirates and some estimates put Saudi Arabia’s petrochemical activity at 46% of GDP. Having built their prosperous present on natural resources, Gulf countries will heavily rely on them for the foreseeable future. And this is not lost on their adversaries.
Critical infrastructure is by no means impervious to digital disruption. Cybersecurity professionals across the region are all too aware of the many high-profile attacks directed squarely at oil and gas majors. In 2012, Saudi Aramco and Qatar’s RasGas faced multimillion-dollar attacks from the Shamoon virus. Similarly, Aramco’s latest cyber incident involved a data leak at a third-party contractor and did not disrupt operations, the event’s uncomfortable proximity to an economic fulcrum was bound to cause anxiety among CISOs of regional petrochemical companies.
Global cyberattacks such as the JBS and Colonial Pipeline incident in the US, show just how vulnerable all digital systems are to ransomware, which is why CISOs in the oil and gas industry are focusing, or should be focusing, their efforts around improving their cyber resilience. In particular, these executives should direct their cybersecurity teams to become more active and gain a better overview of their IT and OT systems and back up their data in order to respond to sophisticated attacks in particular.
The biggest challenge for the IT infrastructure and security teams is backing up important data, so that systems and processes can continue to run without problems. This is crucial regardless of where the data is stored.
The attack surface of an organisation is defined by its business-critical data, which is why cyber attackers usually focus on this important data and the processes involved to inflict targeted damage. They know that if they are able to corrupt and exfiltrate this data, they can cause greater disruption and loss of revenue, and therefore request a larger ransom, or even multiple ransoms.
To defend against and minimise the consequences of these attacks, it is essential that the different teams in the company work together. IT and SecOps should cooperate closely and develop a joint, closed security concept that focuses on preventing breaches as much as possible. At the same time, both teams should develop joint tactics to quickly contain the consequences of a successful attack. This requires organisations to implement processes, policies, and security controls that prioritise data protection and recovery in the event of a cyberattack.
Modern data management platforms can help immensely. They create an overview of the data landscape and the attack surface, help identify anomalies, and store the data on immutable storage where it is stored unalterably. Using such platforms, Oil and Gas companies can gain a higher level of cyber resilience.
Oversee and prioritise OT data
IT and security teams at oil and gas companies should clearly define which data and systems are essential to continue operations should an adverse event – such as a ransomware attack – occur. This analysis will help guide resource allocation, ensuring that the most critical systems and data are resilient. And while these teams have certainly recognised that OT and IT are vital on their own, they must now understand how these systems can work in combination to achieve cyber resilience. This is the formula to that essential goal of keeping operations and business outcomes on track, even if the
face of cyber-attacks. Rather than simply meeting specific compliance standards, it is this approach that should guide cybersecurity strategies at the region’s oil and gas companies.
Once critical systems and data sets have been identified, what questions could help determine if these have indeed been appropriately secured? While not exhaustive, the following certainly present a good start – Can specific files be recovered individually, or do teams need to perform a full recovery? How long does the process take in practice? Can the teams actually fall back on clean, immutable backups with time-relevant snapshots? Is your data encrypted in transit and at rest? Do you test your backups against the target recovery time and recovery point?
When it comes to large incidents, the most common question for the CISO is: do we have a backup of our data? Previously, that has been the right question to ask, because backups provided good protection against accidental data deletion by a user, a major disaster, or even some early ransomware attacks. But to correctly access their current level of exposure, organisations today should ask the question in a different way: How quickly can core business processes be restored, and from what point can they be restored? An answer to this question that is consistent with the company’s goals confirms the current level of cyber resilience.
To answer this question, Oil & Gas companies need to understand exactly where their critical data resides, how it is stored, and how it traverses their systems. Understanding one’s core systems and how data is used to support core business processes is a critical component of being able to reduce and protect the attack surface.
Next-gen data management solutions can help manage, secure and, most importantly, recover data quickly regardless of location – whether it’s IT, OT or both. This in turn helps companies to strengthen their cyber resilience and continue operations even in an emergency.