As digitisation progresses in the gas and power sectors, it is bringing the internet closer to the operational environment – and with that comes a growing threat of cyber-attacks.
Apart from data theft and other regular cyber-threats faced by all businesses, interference in the gas and power sector can cause major disruption and damage, and severely affect many aspects of daily life.
Cybersecurity ranks second among corporate treasuries’ top areas of concern for the next three years, according to a recent survey by the Association for Financial Professionals. The issue is moving up the agenda as it grows in scale, with one aspect – data theft – projected to balloon to around 33bn records in 2023, up from 12bn in 2018, according to Cybercrime & the Internet of Threats 2018 from Juniper Research.
In the gas and power sector, however, the risks extend well beyond the theft of data. Critical assets can be taken offline or even physically threatened by cyberattacks, with the impact potentially influencing markets and prices. They can also impact the security of power supply – which is crucial to so many aspects of life today, including internet operation and wider communication. So, the challenge raises questions of national/ economic security and stability, as well as the more mundane privacy issues.
Industry analysts have said that oil and gas companies should go far beyond their annual attack and penetration testing and should engage a firm to provide adversary attack simulation services, threat hunting and acquire threat intelligence focused on their most critical assets.
Accenture’s approach for these sorts of solutions is to perform reconnaissance of an energy company, gain access to systems and navigate to critical operational technology and ICS (industrial control) systems.
As potential gains in reducing energy operations and business costs through automation continue to emerge, IT and OT convergence will further grow throughout the energy value chain, despite the potential increase in security vulnerabilities to the IT and OT environments.
According to Deloitte, it says Nigerian companies were not immune to the spree of cyber-attacks and data breaches. “We had a mix of cases originating from phishing attacks, malicious software embedded at payment interfaces and ransomware. Although these attacks did not receive heavy media coverage, billions of Naira was lost”.
Many organisations it stated also experienced cryptojacking; a situation whereby attackers use the victim’s computer to mine cryptocurrency. There was an increase in cryptojacking due to the fact that it is a cheaper alternative to ransomware that requires much less technical skills.”
Just as we predicted in the Deloitte Cyber Security Outlook for 2018, Cyber Security Regulations played a key role in 2018 as it became one of the major drivers for security.
Regulations such as the Central Bank of Nigeria (CBN) Cyber Security Framework and the EU’s General Data Protection Regulation (GDPR) came to the fore ultimately raising the importance of security among Nigerian companies. It is also important to note that the GDPR also affects Nigerian companies transacting business with European citizens.
An overview of the 2019 Cyber Security Landscape shows that we can expect some of these trends to continue with a number of them being amplified.
Watch out for these major trends that could impact the Nigerian Cyberspace in 2019.
Olusola Bello
