February 2019

Columns

Cybersecurity: Why emails should be a cybersecurity priority

The oil and gas industry is becoming increasingly digitized—but is it improving its cybersecurity measures to match?

Edry, I. U., Trustifi

The oil and gas industry is becoming increasingly digitized—but is it improving its cybersecurity measures to match?

Precision Analytics, a security consulting firm, found that oil and gas companies invest less than 0.2% of their revenue in cybersecurity, a concerning fact considering that the oil and gas industry is proving to be an attractive target to criminals and cyberterrorists.

A recent study by the Ponemon Institute showed that oil and gas is the second-most-targeted industry in the world, with 68% of respondents claiming their workplace suffered some kind of data breach or attack. Another survey found that the industry is experiencing an increase in successful cyberattacks and leaks.1

How can the oil and gas industry stay ahead of the curve? A crucial first step is to protect one of the central parts of any organization’s online infrastructure: emails.

Why secure emails?

Emails should be at the forefront of every company’s cybersecurity concerns. Consider Saudi Aramco, which suffered one of the biggest data breaches in the world in 2012. Someone on the IT team opened a suspicious email and clicked on a malicious link, giving the hackers access to the company’s entire system. What happened next to Saudi Aramco was catastrophic: 35,000 computers were wiped or damaged, and Aramco was reduced to using typewriters and faxes to operate.

While most people associate phishing scams with suspicious, spam-like emails, the truth is that they are becoming increasingly sophisticated.

What is email encryption?

Sensitive data that is regularly sent through emails include tax information, insurance forms, contact numbers and more. Extremely sensitive information can include intellectual property, blueprints and passwords. If any of this data is leaked to the public or sold to someone else, it could be disastrous for a large organization involved with state-of-the-art research and technology.

Leaks like these could be prevented through encryption, which is a process that protects emails by scrambling the information inside until a unique key is provided.

Unfortunately, encryption has yet to become a cybersecurity standard in the oil and gas industry. The same Ponemon industry survey mentioned earlier claims that 62% of respondents consider encryption effective, but only 48% plan to use encryption regularly in the future. One reason could be that having to send an email protected with encryption can be cumbersome and slow. Thankfully, new, secure email services have made it easier to integrate encryption into a business’ email communications.

Postmarking

Utilizing a tracking or postmarking service could allow employees to quickly verify and screen every email sent to them. If they are sending sensitive information, tracking allows them to see who is opening the email, where in the world it is being opened, whether it has been downloaded, and to whom it is being forwarded.

When a secure email service uses postmarking, it can prevent certain messages from being identified as spam, but it is also the ideal way to send important documents. When sensitive information is being delivered, a postmarked email acts as a kind of electronic certified mail that can securely deliver official documents.

Two-factor authentication

While strong password selection is the cornerstone of any cybersecurity protocol, adding another layer of security is also becoming a necessary practice for protecting emails. Integrating two-factor authentication, a way of hiding emails until a separate, unique key is entered, is a recommended way to keep emails secure. With two-factor authentication, if a cybercriminal somehow gains access to an employee’s password, they still would not be able to access the account or the contents of the email.

Of course, a data breach of an oil and gas company can be disastrous for more than a company’s communication. Due to the potential political, environmental and financial ramifications of a massive data hack, there is a special urgency in securing an oil and gas company’s emails.

Despite the fact that the oil and gas sector is involved in one of the most critical forms of infrastructure in the world, it has no cybersecurity standards or regulations. Still, with the rise in breaches and the threat of automated programs being accessed by cybercriminals, companies must stay ahead of the game, regardless of the lack of regulation.

Thankfully, companies can utilize a handful of common-sense measures to establish a competent cybersecurity infrastructure. With a comprehensive, integrated approach to protecting company emails, company data and reputation can be preserved and continue to safely serve the billions of people that depend on the oil and gas sector. HP

Literature cited

  1. TripWire Inc., “Tripwire study: Cyber attackers successfully targeting oil and gas industry,” January 14, 2016, online: https://www.tripwire.com/company/press-releases/2016/01/tripwire-study-cyber-attackers-successfully-targeting-oil-and-gas-industry/

The Author

Related Articles

From the Archive

Comments