Dubai: Cybersecurity breaches in the Middle East are widespread and frequently undetected, with 30 per cent of the region’s attacks on the oil and gas sector targeting operational technology (OT), according to a new study by Siemens and the Ponemon Institute.
IT systems refer to storage systems, computing technology, business applications and data analysis while OT systems are machinery and equipment, asset-monitoring systems and control systems.
The study, which examines the region’s oil and gas sector, reveals that while firms have begun to invest in protecting their assets from cyber threats, more needs to be done to increase awareness and the deployment rate of technology if they are to secure their operating environments.
“The convergence of IT and OT has become a key opportunity for attackers to infiltrate an organisation’s critical infrastructure, disrupting physical devices or operational processes,” said Leo Simonovich, vice-president and global head of Industrial Cyber at Siemens Energy.
With the acceleration of digitalisation and the convergence of IT and OT, he said the region is now seeing a rising number of attacks aimed at the OT environment.
“We know that attacks are becoming more frequent and increasingly sophisticated, and firms quickly need to assign dedicated ownership of OT cyber, gain visibility into their assets, demand purpose-built solutions and partner with experts who have real domain expertise,” he said in a statement on Tuesday.
The report found about 60 per cent of respondents believe the cyber risk to OT is greater than that posed to IT, and in 75 per cent of cases those questioned had experienced at least one security compromise resulting in a loss of confidential information or operational disruption in the OT environment in the last 12 months.
The study also showed that despite awareness of rising OT cyber risk, budgets for OT cyber services and solutions had not kept up with the threat.
“At present, oil and gas organisations in the Middle East dedicate only a third, on average, of their total cybersecurity budget to securing the OT environment. This suggests that organisations are not aligning their cyber investments with where they are most vulnerable and highlights the urgency to address OT cybersecurity,“ the study showed.