A new study has found that the US oil and gas industry and falling behind when it comes to cyber security preparedness, with nearly two-thirds (68%) of organizations having suffered a major security breach in the last year.

Siemens commissioned the Ponemon Institute to survey 370 cyber risk professionals within the oil and gas industry. Some 61% of respondents said their industrial control systems are not sufficiently protected, and nearly two-thirds (65%) claimed that the biggest threat to their organization is negligent or careless insiders.

Even more shocking, only 48% of respondents claim to have plans to use encryption for data in transit over the next 12 months. In addition, only 39% plan to deploy hardened endpoints and only 20% plan to adopt user behavior analytics. This is all scary stuff considering the vast majority of these respondents feel these measures would be very effective in security their IT environment.

Only 41% of respondents claim to have continuous monitoring in place, even though the NERC CIP compliance standard puts a great deal of emphasis on security event monitoring, including breach detection, suspicious activity reporting, and file integrity monitoring.

Change Control for the Energy Sector

However strong the perimeter security, in the vast majority of organizations there are far too many opportunities for hackers or malware attacks to slide in undetected.

Forensic-level monitoring of system changes provides a means whereby subtle breach activity can be exposed, but the amount of noise created on a daily basis by critical upgrades, system patches and required, updates once visible is overwhelming.

When it comes to breach detection, it becomes virtually impossible to distinguish between the expected file and registry changes prompted by these changes and nefarious activity. However, with File Integrity Monitoring, an automatic intelligent change control system, it is possible to cut down the noise, distinguish the unexpected from the planned and, finally, close the change control loop.

 

NNT Products
USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email [email protected]
UK Office
New Net Technologies LLC
Rivers Lodge
West Common
Harpenden
Hertfordshire
AL5 2JN

Tel: 01582 287310
email [email protected]
Connect
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500 Sans Institute
Copyright 2017, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.