Skip to main content

Specialist Cyber Protection: For Oil & Gas Firms

The Key Exposures Facing Oil & Gas Firms

Attractive to Cybercriminals

The energy industry is critical to modern economies, making oil and gas companies attractive targets for cybercriminals. Further, the oil and gas sector may be leveraged during geopolitical conflict by attackers motivated by political, economic, or strategic interests.

Operational Disruptions

Increased reliance on technology leaves oil and gas companies vulnerable to operational disruptions that not only cause significant revenue losses but have the potential to tarnish reputation.

Aging Infrastructure

Updates to equipment can be costly and time consuming. Legacy systems pose significant cybersecurity risk as software updates and patches have become more essential. Without the appropriate investment in updated infrastructure, systems are increasingly susceptible to exploits and attacks.

Guidance and Standards

The publicity and awareness surrounding recent cyber-attacks penetrating oil and gas companies have brought increased scrutiny to the industry. To help protect the industry from these events, enhanced guidance may develop around critical infrastructure.

Reducing Risk - Cybersecurity Information for Oil & Gas Firms

  1. Multi-Factor Authentication: Implement two-factor authentication for all remote access, web-based email access, and for administrator access to key resources. Provide remote access only through secure channels and require strong passwords.
  2. Securing Operational Technology (OT): Create separate user credentials for the OT environment and require MFA for remote access. Develop a plan for end-of-life assets and annually assess the capability of security tools.
  3. Backups: Develop and test backup and recovery plans; keep copies of sensitive or proprietary data in a separate and secure location. Test back-ups regularly to ensure both the technology, and the people, can function during a crisis.
  4. Security Operation Centre (SOC): Leverage an in-house or third-party managed SOC to monitor the entire enterprise, inclusive of operational technology.
  5. Email Security: Properly configuring spam filters, investing in antivirus protection, and adding multi-factor authentication can help employees avoid business email compromises, fraudulent instruction losses, and other cyber claims.
  6. Antivirus and Patching: Maintain updated antivirus software and configurations. Enforce a patch management process to address ongoing security updates and defend against critical vulnerabilities.   

Responsive Cyber

How our incident response team helped construction clients get back in the game.

For more on suggestions to reduce risk and our appetite for Oil & Gas firms, download the PDF.

Speak to your local Underwriter to see which of your clients can benefit from our Oil & Gas endorsement.