Cyber security breaches in the Middle East are widespread and frequently undetected, with 30 per cent of the region’s attacks targeting operational technology (OT), according to a new study by Siemens and Ponemon Institute
The study, which examines the region’s oil and gas sector, reveals that while firms have begun to invest in protecting their assets from cyber threats, more needs to be done to increase awareness and the deployment rate of technology if they are to secure their operating environments.
Launched in Dubai today, the study highlights that until recently, cyber-attacks have generally targeted information technology (IT) environments such as PCs and workstations. With the acceleration of digitalisation and the convergence of IT and operational technology (OT), the region is now seeing a rising amount of attacks aimed at the OT environment.
The report investigates the readiness of the Middle East’s oil and gas sector to identify and protect against cyber threats. It also assesses what measures need to be taken to close the gaps, surveying around 200 individuals in the Middle East who are responsible for overseeing cyber security risk within their organisations.
“The convergence of IT and OT has become a major opportunity for attackers to infiltrate an organisation’s critical infrastructure, disrupting physical devices or operational processes,” said Leo Simonovich, vice-president and global head, industrial cyber at Siemens Energy.
“We know that attacks are becoming more frequent and increasingly sophisticated, and firms quickly need to assign dedicated ownership of OT cyber, gain visibility into their assets, demand purpose-built solutions and partner with experts who have real domain expertise,” Simonovich added.
The report has found that about 60 per cent of respondents believe the cyber risk to OT to be greater than IT, and in 75 per cent of cases, those questioned had experienced at least one security compromise resulting in confidential information loss or operational disruption in the OT environment in the last 12 months.
The report outlines six major principles which underlie the most effective OT cyber programmes, beginning with assigning and empowering dedicated ownership for OT cyber security. Organisations need to overcome the fear of connectivity and gain continuous visibility into their OT assets and the operating environment needs to be secured all the way to the edge. Analytics should be leveraged in order to make smarter, faster decisions and organisations should demand purpose-built OT cyber solutions. It’s crucial to partner with OT cyber security experts with real domain expertise.