Cyber security breaches in the Middle East are widespread and frequently undetected, with 30 percent of the region’s attacks targeting operational technology (OT), finds a new study by Siemens and Ponemon Institute. The study, which examines the region’s oil and gas sector, reveals that while firms have begun to invest in protecting their assets from cyber threats, more needs to be done to increase awareness and the deployment rate of technology if they are to secure their operating environments.
Launched in Dubai today, the study highlights that until recently, cyber-attacks have generally targeted Information Technology (IT) environments such as PCs and workstations. With the acceleration of digitalization and the convergence of IT and Operational Technology (OT), the region is now seeing a rising amount of attacks aimed at the OT environment.
The report investigates the readiness of the Middle East’s oil and gas sector to identify and protect against cyber threats. It also assesses what measures need to be taken to close the gaps, surveying around 200 individuals in the Middle East who are responsible for overseeing cyber security risk within their organizations.
“The convergence of IT and OT has become a key opportunity for attackers to infiltrate an organization’s critical infrastructure, disrupting physical devices or operational processes,” said Leo Simonovich, Vice President and Global Head, Industrial Cyber at Siemens Energy. “We know that attacks are becoming more frequent and increasingly sophisticated, and firms quickly need to assign dedicated ownership of OT cyber, gain visibility into their assets, demand purpose-built solutions and partner with experts who have real domain expertise.”
The report found some 60 percent of respondents believe the cyber risk to OT to be greater than IT, and in 75 percent of cases those questioned had experienced at least one security compromise resulting in confidential information loss or operational disruption in the OT environment in the last 12 months.
Another important take away from the study was that despite awareness of rising OT cyber risk, budgets for OT cyber services and solutions have not kept up with the threat. At present, oil and gas organizations in the Middle East dedicate only a third, on average, of their total cyber security budget to securing the OT environment. This suggests that organizations are not aligning their cyber investments with where they are most vulnerable and highlights the urgency to address OT cyber security.
The report outlines six key principles which underlie the most effective OT cyber programs, beginning with assigning and empowering dedicated ownership for OT cyber security. Organizations must overcome the fear of connectivity and gain continuous visibility into their OT assets, and the operating environment needs to be secured all the way to the edge. Analytics should be leveraged in order to make smarter, faster decisions, and organizations should demand purpose-built OT cyber solutions. Lastly, it’s crucial to partner with OT cyber security experts with real domain expertise.