The oil and gas sector in the Middle East has become a top target for cybercriminals, enduring 50 percent of all cyber-attacks in the region, revealed a new report. The study, conducted by industrial giant Siemens and the Ponemon Institute, polled around 200 individuals in the Middle East responsible for securing or overseeing cyber risk in oil and gas companies. According to the report, three in four respondents said their organization had suffered at least one security compromise that resulted in the loss of confidential information or disruption to operations in the OT environment over the past 12 months. Meanwhile, 11 percent reported that they had experienced more than 10 cyber breaches in their OT environments – a rate three times the global average, the report noted. Even so, such numbers likely under-report the true figures, with nearly half of respondents admitting they may not be aware of all breaches. Furthermore, 60 percent of respondents believe they face a greater risk in the OT than the IT environment. Similarly, 67 percent believe the risk level to industrial control systems over the past few years has substantially increased because of cyber threats. “The convergence of IT and OT has become a key opportunity for attackers to infiltrate an organization’s critical infrastructure, disrupting physical devices or operational processes,” said Leo Simonovich, Vice President and Global Head, Industrial Cyber at Siemens Energy, in a press release.
“We know that attacks are becoming more frequent and increasingly sophisticated, and firms quickly need to assign dedicated ownership of OT cyber, gain visibility into their assets, demand purpose-built solutions and partner with experts who have real domain expertise,” Simonovich said.
Companies are aware of the rising cyber risks, yet few are prepared to address them. Less than half of respondents said they continually monitor all infrastructure to prioritize threats and attacks. Additionally, oil and gas companies in the Middle East today allocate only a third, on average, of their total cybersecurity budget to securing their OT environment. Although more companies are investing in resources to strengthen their defenses, such as hiring qualified staff, Siemens argues “the next step in this OT cybersecurity journey will require a more holistic strategy.” “Organizations that adopt both a risk-based and compliance-based approach to their OT security programs will be those who close the cyber readiness gap soonest,” the report concluded.