OIL AND GAS INDUSTRY
Thycotic helps you protect your IP and safeguard your facilities against growing number of cyber attacks
WHAT’s the challenge
Hackers and cybercriminals are increasingly targeting the oil and gas industry. According to one recent study, 82 percent of oil and gas industry respondents said their organizations registered an increase in successful cyber-attacks over the past 12 months.5
WHY it’s important
The compromise of automated control systems among oil and gas producers poses a significant risk to the business and energy infrastructure of the US and other nations throughout the world.
HOW we solve it
Thycotic delivers comprehensive Privileged Account Management and Security solutions that secure privileged account passwords and lock down applications, endpoints and OS configurations. This prevents cyber attackers from getting control of legitimate credentials and gaining free access to IT networks.
SECURITY AND MANAGEMENT
Protect your IP – engineering documents are a major target for cyber theft
According to the Oil and Gas Monitor, the primary motivators for cyber-attacks within the energy sector include the search for privileged documentation, including data that can be leveraged to win competitive bids like ‘lease block’ diagrams, bid data, wellhead pressures, legal documents, functional operating aspects, architectural plans and project definition documents.1 By properly managing privileged account credentials and their access, you’re reducing the chances for data exfiltration and theft within your organization.
The benefits of Privilege Management for Process Control Networks
Oil, gas, and energy organizations often make use of process control networks to maintain and run key operational equipment. Typically, a process control network (PCN) contains SCADA and other operational equipment necessary for daily operations like rigging and drilling. This network is often air gapped, remaining physically isolated from any other network in the organization.
However, as more control systems require connectivity for monitoring or maintenance, it becomes increasingly common to logically separate the PCN from corporate networks through extensive firewalls and access controls. But this leaves room for security flaws such as human error, insider threat or even the potential for an outside attack through those secured connections.
Thycotic Secret Server privileged account manager can access these types of process controlled networks by placing a secured Distributed Engine within the network, or for maximum security, Thycotic Secret Server can be installed on its own instance onsite, completely separate from corporate IT. Administrators can then use Thycotic Secret Server to run discovery within the PCN to determine what local accounts are available and being used, and then bring those local accounts into Secret Server for added security and auditing on their usage.
Oil and gas companies have been the victims of sophisticated cyber threats since 2009. Many of these attacks have caused significant financial damages – and yet the industry is painstakingly slow in deploying proper cyber security measures adapted to the infrastructure.
-Michela Menting, Digital Security Practice Director, ABI Research
Cyber security spending on oil & gas will reach $1.87 billion by 2018
According to a recent ABI Research report, oil and gas cyber security spend from 2014 onward is predicted to reach $1.87 billion globally, including spending on IT networks, industrial control systems, data security, counter measures and policies and procedures.2 Having an effective privileged account management system in place that can securely vault and centrally manage outdated credentials on control systems or privileged access from suppliers and 3rd party vendors is a key cyber security strategy within oil and gas.
What happens if a process control network is compromised and halts production on a rig? What if a supplier you’ve fired still has privileged access to your network? Enforce privilege management on industrial control systems and strong management of outdated system credentials to prevent cyber attacks from escalating in your network.
Fix the biggest risk in oil & gas – secure your unmanaged Privileged Accounts
When it comes to IT cyber security risk, “nonhuman” privileged account credentials are the number one problem, and responsible for up to 62% of successful attacks.3 Without a privileged account, attackers can’t move laterally or escalate their attack in your network. As an oil and gas organization, there may be stale operational administrator credentials within your air-gapped network. Invest in the enterprise-class privileged account management solution that will close the most important security holes within your operational and information technology systems, and beyond.
Implement a Least Privilege strategy to protect your endpoints
Because your IT endpoints are portable and interact with business critical data, it is important that oil and gas companies look for ways to reduce the attack surface without impacting their user’s productivity. That means implementing “least privilege” solutions that can strengthen existing PC lifecycle management tools and malware protection tools. By ensuring your privileged accounts, processes, and settings are centrally controlled according to policies, your business can drastically reduce the risk of attackers gaining access to your network and critical data.
Thycotic helps you lock down Windows applications, endpoints and OS configurations
Oil and Gas organizations today need to lockdown desktops that help stop malware and ransomware attacks that can have devastating and costly consequences. By removing IT admin privileges from most users, and limiting privileges for IT admins you can limit the attack surface and significantly improve security. The powerful combination of three solutions within Thycotic’s endpoint security solutions help ensure that you can stop malware attacks at the end-point to limit an attacker’s ability to move beyond their initial point of entry.
Stop exploits such as malware and ransomware at the endpoint
Thycotic provides comprehensive endpoint privilege management and security solutions that:
- Assure least privilege application control.
- Enable administrative user group management.
- Deliver security compliance and automated remediation.