Cybersecurity Crucial in Preventing Costly AttacksBy Cas Biekmann | Thu, 10/29/2020 - 15:36
You can watch the video of this panel discussion here.
Digital transformation and cybersecurity where the focal points during the 13:15 panel of Mexico Oil & Gas Summit 2020. Fernando Thompson, Director General of TBSek, moderated the discussion and pointed out Mexico is situated among the Top 15 countries in cyberattacks. Without a doubt cybersecurity is of utmost importance but how can general directors deal with this pressing issue?
Belinda Quijano, General Director of Apollo Communications, said CEOs need to take the lead and take measures. “Seventy percent of oil and gas companies responded by saying they have suffered a cybersecurity attack in an EY survey,” Quijano noted. The average cost of such attacks is a whopping US$5 million. Therefore, a good strategy is necessary to defend against this larger risk, where ransomware and phishing have been the main issues encountered.
“Our clients have facilities that have grown over the years but security has not been considered at all,” said Daniel Zuluaga, General Manager of Summum. Zuluaga added there is an imminent growing risk for companies. Nonetheless, modern technologies can be of great benefit to overcome potential attacks.
“A fundamental topic is budget. Generally, companies have low budgets when it comes to cybersecurity,” added Rafael Pureco, Lifecycle & Reliability Sales Manager at Emerson Automation Solutions. In some areas, there is no budget available at all. For the most part, companies have an abundance of equipment, which sometimes is obsolete. Therefore, good management is needed to deal with the risks.
David Gonzalez, Managing Partner at NetBrains, argued that above all, assets need to be protected, even though people attack merely to receive money. These ‘crown jewels’ are the heart of the operation. “At the end of the day, many of the strategies can be well-established but there needs to be a large enough budget to execute them correctly,” he said.
Erik Gomez, Senior Director of Strategic Planning at RigNet, argued that a full assessment needs to be established for both IT and OT as IoT is added to the mix. “We need to recognize that most attacks in the industry are state-level attacks. They come from China and Russia and they obtain data as well as control over systems in remote areas.”
One problem generally found is that many companies work with SCADA systems, which were not developed taking Industry 4.0 into account. They are therefore rather vulnerable. Furthermore, today there are more items connected to the system. This includes fridges or TVs, for instance, giving wider opportunity for cybersecurity attacks to take place.
Roberto Shigueo Suzuki, Business Development of Secure Advanced Technologies & Operational Technologies at Fortinet, pointed out that attacks are common throughout the year for many companies. IoT devices were indeed an increasing risk. “As digital transformation develops, the risk for cybersecurity increases,” he said. Nevertheless, human fragility is always at risk: phishing remains a popular way to gain access to systems. Furthermore, people often take devices home.
Quijano considered specific engineering software to be especially vulnerable, as they have been coded for a specific purpose but have left significant gaps in terms of security. Internal risks might be a risk as well. “Some staff might want to purposely hurt the organization,” she stated. Awareness and training can help identify these risks.
Zuluaga stressed that CEOs need to have a lot of knowledge to be able to protect the company. But teams within the company need to be aware of what happens on the other side as well, especially OT and IT teams, said Pureco. All panelists agreed on the importance of a Chief Information Security Officer, whose role increases in importance constantly as digital transformation takes hold of the sector. González compared digital transformation with warfare in ancient Rome. Just like the Romans, advantage can be gained by really adapting organization and technology. “We need a long-term vision,” he said, noting that digital transformation is here to stay and that the road forward is becoming clearer.