The same study further probes into the region's oil and gas sector concluding that although there are many businesses that work hard towards protecting their assets from cyber threats, there is still a huge gap in creating safe environments for firms to function in.
IT has been the only targets for cyber-attacks since a long time now. So a typical area for a threat such as this, would be a PC or workstations. Cyber-attacks are much complex and have surpassed these usual suspects. With the growth of digitization, even in the oil and gas sector, there has been a major convergence in IT and OT, which has led to a rise in attacks on OT environment.
How ready is Middle East's oil and gas industry in the face of these rising threats? The report takes a liberal point of view in trying to address these threats and choose areas of focus to close gaps in processes, by surveying over 200 individuals who have been prey to these attacks by overseeing security risks.
Converging IT and OT gives an opportunity to organisations to disrupt physical devises, diversify their infrastructure and create a safe environment to function. There is little doubt that these cyber-attacks are only on the rise and are getting more and more frequent. In the face of this threat, firms must decide on dedicated ownership to gain better visibility over their assets. This also calls for partnering with specialised agencies, who can provide clear domain expertise to bring purpose-built solutions.
There is yet another key take away from this study, i.e. although there is a rise in awareness of cyber risk, there has been no OT budget allocations and dedicated solutions for these threats. In fact, only a third of the total cyber security budget is given to secure the OT environment. There is little or no alignment of their cyber investments, thus, rendering them vulnerable and open to increased threat.
According to the report there are six key principles that have been underlined an effective OT cyber programme. Starting with assigning and empowering the personnel, who is to be responsible for OT cyber security. Firms must overcome their fear to connect and gain visibility to their OT assets. There needs to be a 360 degree secure operating environment all the way.
Data analytics must be used to make decisions that will affect the firm’s future, with regards to cyber solutions. Finally, organisations should leverage specialised advice from partner firms, who have domain expertise in the cyber-security domain.