A new study has found that the US oil and gas industry and falling behind when it comes to cyber security preparedness, with nearly two-thirds (68%) of organizations having suffered a major security breach in the last year.

Siemens commissioned the Ponemon Institute to survey 370 cyber risk professionals within the oil and gas industry. Some 61% of respondents said their industrial control systems are not sufficiently protected, and nearly two-thirds (65%) claimed that the biggest threat to their organization is negligent or careless insiders.

Even more shocking, only 48% of respondents claim to have plans to use encryption for data in transit over the next 12 months. In addition, only 39% plan to deploy hardened endpoints and only 20% plan to adopt user behavior analytics. This is all scary stuff considering the vast majority of these respondents feel these measures would be very effective in security their IT environment.

Only 41% of respondents claim to have continuous monitoring in place, even though the NERC CIP compliance standard puts a great deal of emphasis on security event monitoring, including breach detection, suspicious activity reporting, and file integrity monitoring.

Change Control for the Energy Sector

However strong the perimeter security, in the vast majority of organizations there are far too many opportunities for hackers or malware attacks to slide in undetected.

Forensic-level monitoring of system changes provides a means whereby subtle breach activity can be exposed, but the amount of noise created on a daily basis by critical upgrades, system patches and required, updates once visible is overwhelming.

When it comes to breach detection, it becomes virtually impossible to distinguish between the expected file and registry changes prompted by these changes and nefarious activity. However, with File Integrity Monitoring, an automatic intelligent change control system, it is possible to cut down the noise, distinguish the unexpected from the planned and, finally, close the change control loop.

 

Contact Us

USA Offices

New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]

 

UK Office

New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
 [email protected]

CIS benchmarking SEWP Cybersecurity 500 Infosec Security Winners 2018 Sans Institute Now Certified IBM Security
Copyright 2020, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.