In today’s digital world, the energy sector has emerged as a primary target for cybercriminals. Given that energy systems are the backbone of economic activity and heavily reliant on complex, around-the-clock digital infrastructure, energy companies’ Intellectual Property (IP) and critical data have never been more vulnerable, while rising prices and geopolitical motives are other factors behind frequent attacks. Kingston Technology Europe Co LLP, an affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, is calling on energy providers to counter emerging threats by deploying the latest security solutions – including in the Middle East and North Africa (MENA).
In recent months alone, nations across the region have been proactive in their efforts to ensure energy sector resilience and cyberattack preparedness. The Abu Dhabi Department of Energy (DOE) signed a Memorandum of Understanding (MoU) with the Cyber Security Council to enhance UAE energy sector security in October 2022. Meanwhile, Saudi Arabia hosted the Global Cybersecurity Forum the following month, where the Kingdom highlighted widespread energy sector vulnerabilities and the need for international collaboration to permanently address long-standing and evolving frailties. However, more must be done to combat cyber threats and regional companies can contribute by taking adequate steps to protect themselves.
“Although many benefits accompany digital transformation, embracing the trend is not without its discrepancies – a fact substantiated by the volume of cyberattacks being witnessed within the energy sector,” explained Antoine Harb, Team Leader, Middle East, Kingston Technology. “The increasing threats industry incumbents are experiencing can prove detrimental should their security systems be breached, with potential repercussions ranging from reputational damage and financial losses to strained client relationships and regulation compliance shortcomings. As such, ensuring security systems are secure and regularly undergo audits is paramount.”
With IP and critical data protection a non-negotiable necessity for energy companies, Kingston Technology maintains that encrypted threat protection solutions can help bridge security gaps, mitigate risks, and complement organization’s security strategies, providing a robust surface of protection through an easy-to-integrate encryption process.
By carrying out a comprehensive IT security assessment across their entire device portfolio, energy providers can verify their current security status. Should they be categorized as ‘high risk’, they can pursue corrective action, establishing policies and deploying security solutions as part of a revised endpoint device management strategy.
“Energy companies must be supported in their IP and data security endeavors and acquire solutions to accommodate their off-site teams,” said Harb. “Encrypted devices and USB drives are viable, proven solutions for boosting the required level of security. Backed with unique customer Product IDs, they are manufactured to be compatible solely with a company’s unique end-point management software, offering reliable protection and a simple, secure way to preserve confidential energy-related information.”
Benefits aside, hybrid working models adopted by many energy providers across MENA are susceptible to cyber infringements. While office-based personnel connected to network servers often use SharePoint or similar cloud-based sharing tools to save and share data, approximately 40% of workforces in off-site, field-based jobs require access to data outside the internal Wi-Fi network.
Easy-to-use encrypted portable devices such as USB drives and external SSDs are therefore essential for preventing potential breaches, with solutions available that enable companies to manage such devices through their own endpoint management software. Encryption features ensure unauthorized devices cannot infiltrate an organization’s network, thereby boosting security and eliminating potential risks from the equation. A simple yet effective approach is to whitelist USB storage devices by utilizing their respective Vendor Identifier (VID) and Product Identifier (PID) values.
With complete control over what devices and drives can be used within their organizational framework, as well as newfound audit and IP and data protection capabilities, energy providers can also be assured of their compliance with regulatory standards, which is also essential given the costs of data breaches.
The average cost of data breaches for critical infrastructure organizations – including those in the energy sector – is estimated to be $4.82 million globally, with 28% having experienced a destructive or ransomware attack, according to a recent IBM report.
“For MENA-based energy sector players, the need to reinvigorate their respective security postures and protect IP and critical data with the latest highly-capable solutions has never been more urgent,” added Harb. “It is important to appreciate that the region has become a hub for cyberattacks and infringements as nations and industries become increasingly digitalized to achieve economic diversity. Energy is no exemption and – with the wider sector integrating more technologies for operational efficiency and energy transition purposes – organizations are compelled to explore available options and address threats as part of an in-depth defense approach.”
Local and regional energy suppliers seeking to secure their IP and critical data can begin via Kingston Technology’s Ask an Expert service, which provides companies with an opportunity to take the first steps towards optimizing their infrastructure, combating threats, and achieving their goals.