Oil Review Middle East speaks with SANS Institute and Nozomi Networks to gain their insights into the best practices and methods oil and energy companies should follow to stay protected against cyber threats
As the threat of cyberattacks continue to rise in the Middle East, companies are looking for solutions to counter these threats in their journey to digital transformation. According to the Tenable Threat Landscape report, 2022 saw record high cyber breaches for the oil and energy sector, raising the question as to what energy companies can do to implement sufficient defences to protect critical infrastructure.
Commenting on the latest tends/patterns concerning cyberattacks in the region, Michael Heering, marketing director, Global Field Marketing at SANS Institute, says, “The Middle East has been witnessing a surge in cyberattacks, with cybercriminals targeting various sectors such as energy, finance, and telecommunications. Some of the most prevalent trends include ransomware attacks, which have increased significantly in recent years. In these attacks, cybercriminals encrypt valuable data and demand payment in exchange for releasing it.
“Advanced Persistent Threats (APTs) are another rising concern, often originating from well-funded cybercriminal groups. These attackers infiltrate organisations' networks and remain undetected for extended periods, causing significant damage.”
Heering goes on to explain other different types of attacks, including phishing and social engineering, cloud-based attacks, and supply chain attacks. He also discussed the importance of training the workforce to both tackle and prevent cyber threats.
“Training the workforce is critical in creating a strong cybersecurity culture and effectively mitigating cyber threats. All employees, both technical and non-technical, should receive regular training to understand the risks and identify potential threats,” he remarks.
“Continuous learning is vital as even experienced security professionals can fall victim to the latest phishing scams. To stay ahead of cybercriminals, organisations must invest in ongoing education, training, and certification programmes for their personnel.”
Highlighting how companies could start the process into security coverage, Anton Shipulin, industrial cybersecurity evangelist at Nozomi Networks, comments, “Companies should first start small with asset visibility to improve their visibility capabilities; they need to use the segmentation for their network. Everyone knows that segmentations signal network segmentations and hosts and endpoint device protection, they cover 80% level protection of all environments, they need to use specific devices for controlling the information flow in network, like firewalls and so on.
“And, they need to do the continuous vulnerability management or deal with in detection. Of course, monitoring is a must here, they need to monitor networks, monitor cost activities, they need to send the event information logs to central security operation centres if they have that in the company. If they don't have it, they should establish that. There are plenty of regulations, local, national, international and industry-specific standards, there is no shortage on that. They need to find the one is most relevant to them and follow the rules, follow the requirements.”
Both companies also took the opportunity to showcase their latest innovations and discuss the direction they are headed at GISEC 2023, held in Dubai in March 2023.
“Our focus was on showcasing the latest cybersecurity training programmes and solutions offered by the SANS Institute,” says Heering. “We aimed to emphasise the importance of workforce training and development in combating cyber threats in the Middle East. We also highlighted our cutting-edge courses, including those that address emerging trends like cloud security, threat intelligence, and secure DevOps. Our presence at GISEC aimed to create awareness about the value of SANS training and certifications in building a strong cybersecurity workforce in the region.”
For Nozomi Networks, Shipulin explains, “For us, the the big news this year, right before GISEC started, was the launch of our new product, which is called Nozomi Ark, an endpoint security agent which extends the protection of our OT and IoT clients with host activity monitoring capabilities. So, this was our main message at the event that will show that now we are even better in monitoring environments, even in areas where it is not possible to use network sensors; now we have endpoint sensor.”
To read the full article, visit page 34 of the current issue at Oil Review Middle East at: https://www.oilreviewmiddleeast.com/current-issue
