Ashraf Koheil, regional director, MEA – FireEye talked to Pipeline Magazine about the type of cyber-attacks the energy sector can face and what companies should look to do
What is FireEye’s cyber security strategy going forward?
At FireEye, our mission is to relentlessly protect our customers with the technology and expertise acquired from being on the frontlines of cyber-attacks. We know technology alone is not enough to combat the current threat landscape, so we deliver a complete suite of detection, protection, response capabilities and intelligence consulting to protect organisations against the most advanced threats.
What are your customers’ top priorities when it comes to cyber security?
Our customers look to us to ensure they are protected against cyber-attacks from every angle. With FireEye staff spending more than 1 million hours per year on the front line of attacks, customers trust and depend on our real-time knowledge of the threat landscape. They look for partners that can deliver not only on technology, but the context and threat intelligence to back it up.
How are cyber security attacks on the oil and gas sector evolving?
The oil and gas industry is a prime target for all types of cyber-attacks. Nation-state actors, rogue terrorists, criminals and hacktivists have varying motives, including sabotage, espionage, financial gain, or political causes. The energy industry will likely continue to be a high priority target, particularly given its importance to national and economic security. We expect the following situations may further contribute to threat activity towards the industry:
- The continued drop in oil prices may influence cyber criminals to attack pilfered oil or gas drilling technology in light of profitability concerns.
- Continued innovations in fossil fuel development and alternative energy production will probably also lead to increased cyber espionage as groups try to obtain intellectual property and proprietary data for the benefit of state-owned companies.
- Growing global demand for energy and dwindling natural resources will likely result in increased cyber espionage against the sector as nation states seek intelligence that would afford them a competitive advantage when vying for energy security.
- Observed espionage by suspected Russian-based threat groups may target industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.
- Conflict between countries could also result in increased threats as state-sponsored threat actors may try to increase pressure by disrupting the energy supplies.
- Environmental issues and other controversies related to energy production may also result in increased activity from hacktivists seeking to call attention to the issues and embarrass organisations that they view as responsible.
What are the major hurdles companies face when looking to implement a cyber security strategy?
We recently issued our Cyber Trendscape Report which surveyed over 800 IT executives across the globe to help organisations benchmark their cyber security initiatives. Part of the report looked at challenges that companies face with their cyber strategy. The report showed that many factors impact the maturity of an organisation’s cyber security programme and its ability to be resilient against cyber threats. According to our findings, organisations reported that the main challenges they faced when it comes to implementing cyber security strategies were primarily IT and security technology maturity (over 80 per cent) followed by IT and security process maturity (80 per cent) and then visibility into threats (70 per cent). A majority of organisations (63 per cent) also indicated that it was a challenge to balance cyber security and day-to-day IT operational requirements. Looking at these results, it’s clear to us that organisations need a trusted cyber security partner who can help alleviate some of these pain points.