IOT NEWS

Industrial IoT News

Industrial IoT Home

Oil and Gas Companies at Risk of Cyber Breach

By Greg Tavarez
August 09, 2022

Cybersecurity within the U.S. oil and gas industry has attracted increasing concern in recent years from a national security and infrastructure perspective as well as the potential risk of future disruptions to oil prices affecting the economy as a whole.

BreachBits analyzed oil and gas upstream, midstream, downstream and associated supply chain companies operating across the industry discovered companies in its “BreachRisk: Energy 2022” study. In the study, BreachBits ranked 59% of companies at medium risk for a cyber breach, 13% at low risk and 28% at very low risk.

“On average, the oil and gas companies we observed were at medium risk, with a score of 4.1 out of 10 on our BreachRisk scale, but that risk was not distributed evenly across the sector,” said BreachBits CEO and co-Founder John Lundgren.

BreachBits measures an organization’s BreachRisk as the likelihood of a successful breach against the potential impact to the subject.

Medium risk companies are those that a hacker would pursue, knowing there was a reasonable chance of perpetrating a successful breach over a period of three to six months. That timeline suggests a hacker is taking a quiet approach and could be much shorter with a more direct attack.

The assessment did observe two correlations between higher risk organizations and company revenue and employee base within the core population.

Companies with more than $50 million in annual revenue are at a higher risk of breach due to an increased rate of ransomware threats observed. Attackers are naturally attracted to companies with larger revenue because they believe the companies have a greater ability to pay ransoms. Attackers may also spend more time surveying companies with higher revenues because of the tendency of those companies to have larger attack surfaces.

Companies with more than 250 employees also face increased risk because of the larger number of attack vectors. Larger organizations mean greater employee anonymity, making it easier to exploit trust assumptions using social engineering tactics such as phishing or physical penetration methods. Security departments for larger companies should conduct exhaustive analyses of their attack surfaces to identify and eliminate potential risks.

“We measure cyber risk based on actual threats and viable attack vectors, not hypothetical ones, and we do that from the hacker’s perspective,” said BreachBits Chief Operating Officer and co-Founder J. Foster Davis. “That means the risks we identified in this study are the same observations being made by active cyberattackers.”




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

SmartCity Editor

SHARE THIS ARTICLE
Related Articles

Turning Labor Shortages into Competitive Advantages: Fox Robotics' FoxBots Surpass 2.5 Million Total Pallet Pulls

By: Alex Passett    2/8/2024

Fox Robotics has officially surpassed more than 2.5 million pallet pulls with its "industry-first" FoxBot autonomous trailer loaders/unloaders.

Read More

Ceva's RivieraWaves Wi-Fi 7 IP Platform Makes Waves in Next-Gen IIoT

By: Alex Passett    1/31/2024

Ceva's RivieraWaves Wi-Fi 7 IP platform, primed for the next generation of Wi-Fi Access Point and Station/Client products, offers a slew of reliable a…

Read More

From Data to Industry Action: How Digitization Can Majorly Reduce CO2 Emissions by 2030

By: Alex Passett    1/29/2024

Gecko Robotics and Rho Impact recently released data on CO2 emission reductions and how digitization and Industry 4.0 can bring about real environment…

Read More

Mouser Electronics and Panasonic Industrial Automation Sign a New Agreement to Benefit Design Engineers in IIoT

By: Alex Passett    1/15/2024

Mouser Electronics and Panasonic Industrial Automation have announced a new distribution agreement to further support IIoT projects that design engine…

Read More

Perfect Your IIoT Strategies at IoT Evolution Expo 2024, part of the ITEXPO #TECHSUPERSHOW

By: Alex Passett    1/15/2024

Explore what the future holds for Industrial Internet of Things (IIoT) innovators and their innovations at IoT Evolution Expo 2024, taking place from …

Read More