Energy companies are on the front lines of the cyberthreats facing the nation, with all of them likely to be infiltrated by hackers no matter what precautions they take, an expert said during the API Cybersecurity Conference & Expo in Houston on Tuesday.
The companies are among those most frequently targeted for cyberattacks, and need to take action to monitor their systems and quickly identify when they have been hacked, said Kevin Mandia, CEO of computer forensics firm Mandiant. Still, oil and gas companies, like businesses in other industries, will not be able to prevent hackers from getting into their systems, no matter how much they invest in defenses, he said.
Mandia compared companies hoping to block all cyberattacks to football teams trying to stop NFL quarterback Tom Brady from completing a single pass.
“It’s not a valid philosophy,” Mandia told the computer security workers from oil and gas companies gathered at the Westin Houston Memorial City hotel. “You do the best you can. What you really try to do is contain Tom Brady’s passing to certain plays. Keep him out of the end zone.”
A cyberattack on an oil company could involve serious physical and environmental damage, stolen funds, or lost intellectual property. The results could be lost human life and millions of dollars in damages.
While antivirus software can help block some threats, hackers have been successful in getting around those defenses because of company employees, Mandia said. Workers who click on contaminated links in emails have infected systems and led to hackers taking control and attempting to steal data.
“Right now the vulnerability is actually human,” he said.
So far, no serious attempts to damage companies by destroying large amounts of data or causing major physical incidents have occurred in the United States, Mandia said. But Mandiant has noticed an increase in activity with that aim, he said.
He said hackers hoping to break into a company would most likely target specific employees.
“The first step would be to Google exxonmobil.com,” Mandia said. He said hackers would look for people who have email addresses with the company, then would find information about them to tailor emails that might lead them to click on contaminated links or download bad files.
Mandia said Mandiant had tracked 141 cyberattacks from a specific Chinese military unit since 2006, with eight of them targeting energy companies. He said the 141 attacks likely represented just 2 percent of all attacks attempted by the Chinese unit.