Oil and Gas Industry Accounted for 25% of Victims in June’s NotPetya Ransomware Attack; Frequency of Incidents Growing by
350% Year on Year
ADIPEC 2017’s Security in Energy Conference Will Focus on Strategies to Mitigate Cyber Crime Risks and Deploy Defence Mechanisms to Protect Critical Industry Systems and Infrastructure
Abu Dhabi, UAE – 03 October 2017 – Organisers of the second annual Security in Energy conference, to be held in Abu Dhabi in November, say that oil and gas has been exposed as a prime target for cyber criminals after the industry was singled out during international ransomware attacks.
Co-located within the Abu Dhabi International Petroleum Exhibition and Conference (ADIPEC), Security in Energy recognises the increasingly critical importance of IT systems to oil and gas operations, and follows two major ransomware attacks in the first half of 2017.
The second of these, the NotPetya attack at the end of June, appears to have specifically targeted oil and gas companies. According to analysis by Kaspersky Labs, just three business sectors accounted for around 80 per cent of targets. Oil and gas accounted for around 25 per cent, a close second to the finance sector, and just ahead of manufacturing.
“Cybercrime is a serious problem for any business, but recent incidents raise concerns that oil and gas companies will be high-priority targets for attacks,” said Christopher Hudson, President – Global Energy at dmg events, which organises ADIPEC in partnership with Abu Dhabi National Oil Company (ADNOC). “The Security in Energy conference provides a robust discussion specific to the needs of this industry, helping companies ensure that strong defences are in place.”
Recent reports predict the Middle East cyber security market will grow from US$11.38 billion in 2017 to US$22.14 billion by 2022. ADIPEC’s Security in Energy Conference delivers the latest market intelligence in energy security protocols, and places a spotlight on the best innovations, security practices and crisis planning within the industry.
Specific conference sessions will cover key topics in cyber security, including ransomware; the internet of things (IoT); the convergence of operating technology and IT; security and compliance risks in cloud computing; risk management for supply chain and business continuity and the use of big data and analytics. Keynote addresses will focus on the balance between investment and risk, and the impact of regional collaboration on oil and gas security, with discussions to include both defensive and offensive approaches to security.
The conference programme is planned to offer immediate relevance to oil and gas. For example, there will be a significant discussion of threats to critical infrastructure, where attacks could cause widespread operational disruption and safety risks. It will offer insights into and front-line protection strategies, whether for new systems, or by retrofitting of existing industrial control systems to build secure and resilient operations.
There will also be a dedicated Security in Energy zone within the ADIPEC exhibition halls.
“Illicit cyber activity is here to stay,” said Don Randall, Former Head of Security and Chief Information Security Officer for the Bank of England, who will be sharing his expertise during the conference. “But understanding the motivation of the perpetrators, with appropriate responses and education, can substantially reduce the risk and harm.”
The list of speakers will feature leading figures from organisations tasked with tackling cybercrime in the Middle East, including Ahmed Alshemaly, Director, Cyber Defense Centre, National Electronic Security Authority (NESA), United Arab Emirates; Eng. Ibrahim AlShamrani, Executive Director of Operations, National Cyber Security Center, Ministry of Interior, Saudi Arabia; and Mohammed Bushlaibi, Forensic Analyst, Telecommunications Regulatory Authority (TRA), United Arab Emirates. They will speak alongside renowned international experts.
According to Accenture’s High Performance Security 2016 Report, 96 cyberattacks were reported over 12 months by oil and gas company heads, while 55 per cent of oil and gas leaders say the need to fill cybersecurity gaps in end point or network security is their most pressing concern. The Cisco 2017 Annual Cybersecurity Report estimates that the frequency of ransomware attacks is growing by around 350 per cent each year. The tools to conduct an attack are easy to obtain and easy to use. Ransomware is even available as a software-as-a-service subscription.
While the number of attacks is increasing, there are concerns that some oil and gas companies have reduced their security budgets as they struggle to balance cost and risk at a time when finances are under pressure, leaving themselves dangerously exposed. The Security in Energy conference sessions will aim to bridge this awareness gap, emphasise the importance of building a solid defence platform against cyber-attacks and understanding the fallout of an attack and its implications to business.
"Cybercrime is a threat to the global economy,” said Sandip Patel, QC, a UK-based lawyer and leading international expert on prosecuting cybercrime cases in court, and one of the speakers at the Security in Energy conference. “Some estimates cost it at more than 445 billion dollars, but the true cost is far greater as many countries do not report on this."
By co-locating security within ADIPEC, one of the world’s most important strategic gatherings for top global oil and gas executives, Security in Energy ensures that the integrity of systems is part of a broader discussion of industry issues.
A company’s security protocols are generally in the capable hands of the CIO/CISO. However, in order for the protocols to be 100 per cent understood and delivered, it is the priority of the entire organisation, from the top-down and bottom-up, to ensure a solid framework and delivery. Bridging the vocabulary gap between security professionals and their CEO’s and senior management teams is vital to ensure they are all aligned on the ever-present security risks to their organisation.
“Reducing cost and improving efficiency are important messages in oil and gas today, and many companies are investing in technology to reduce their costs,” said Christopher Hudson. “Keeping that technology safe and secure needs to be a number one priority. It needs to be as much a concern for the Chief Executive Officer as it is for the Chief Information Officer.
“Security in Energy recognises that this is a core issue for a modern business, and cannot be pushed into a departmental silo.”
Held under the patronage of His Highness Sheikh Khalifa Bin Zayed Al Nahyan, President of the UAE, hosted by the Abu Dhabi National Oil Company (ADNOC), and organised by the Global Energy division of dmg events, ADIPEC is one of the world’s leading oil and gas events, and the largest in Africa and the Middle East.
ADIPEC will be held at Abu Dhabi National Exhibition Centre from 13 to 16 November 2017, with the Security in Energy Conference to be held on 14 and 15 November.
- ENDS –
Held under the patronage of the President of the United Arab Emirates, His Highness Sheikh Khalifa Bin Zayed Al Nahyan, and organised by the Global Energy division of dmg events, ADIPEC is the global meeting point for oil and gas professionals. Standing as one of the world’s top energy events, and the largest in the Middle East and North Africa, ADIPEC is a knowledge-sharing platform that enables industry experts to exchange ideas and information that shape the future of the energy sector. The 19th edition of ADIPEC 2016 took place from 7-10 November at the Abu Dhabi National Exhibition Centre (ADNEC). ADIPEC 2016 was supported by the UAE Ministry of Energy, Masdar, the Abu Dhabi National Oil Company (ADNOC), the Abu Dhabi Chamber, and the Abu Dhabi Tourism & Culture Authority (TCA Abu Dhabi). dmg Global Energy is committed to helping the growing international energy community bridge gaps by bringing oil and gas professionals face to face with new technologies and business opportunities.
For media enquiries, please contact:
Senior Marketing Manager, DMG Events Global Energy
Twofour54, Park Rotana Offices, 6th Floor
PO Box 769256, Abu Dhabi, UAE
T: +971 (0)2 6970 515
T: +971 4 275 4100
Mark Robinson (English): +971 (0)55 127 9764
Feras Hamzah (Arabic): +971 (0)50 798 4784
Something interesting to share?
Join NrgEdge and create your own NrgBuzz today
Oil and gas sector is one of the most lucrative sectors for job seekers from industries all over the world. It offers great salaries and benefits packages and an opportunity to travel and work overseas. Due to its high demand, scammers are preying on the vulnerable oil and gas workers. To ensure you don’t fall prey to their mischievous tactics, we would recommend reading our guideline below:
How does scamming occur?
The scammer poses as an employer or recruiter of an oil and gas company or he may claim to be an employee or recruiter for a job consultancy firm catering to the oil and gas industry. They offer irresistible employment opportunities and often demand money in advance to conduct further processes. Money is often demanded on the pretext of work visas, travel expenses, background or credit checks that the job requires.
What do scammers want from you?
It is important to understand what the scammer's agenda is so that it helps you shield yourself from getting conned:
To extract money: On the pretext of getting you a job in the energy sector employing any of the tactics mentioned above
For identity theft: scammers look for valid identity of people and ask for confidential personal details including bank details to commit fraud through your name or to withdraw money from your account.
Whatever be their modus operandi, their goal is to either separate you from your cash or accomplish an identity theft. The bigger problem is, the scammers are getting better at their game and coming up with innovative ideas to lure innocent job seekers. In oil and gas industry, the scammers are targeting the job seekers from overseas, immigrants or contractors as they feel it is easier to attract them on the pretext of work permits, high salaries, paid travel, better lifestyle in the first world countries.
How to spot a job scam and keep yourself secure?
There is always a difference between real and fake, all you need to do is be watchful to notice the underlying discrepancies. There is a pattern that scammers usually follows, which is discussed below. Make sure you watch out for these red flags when you receive any job offer next time:
Free email provider - No legitimate hiring agency or company will use the services of free email provider like Gmail, Hotmail, or Yahoo. So, if you are receiving an email or have been requested to share your details on emails that use free email services, then be extremely cautious. The scammers try to trick the job seekers by using an email address that looks authentic for instance: [email protected]. It is important to notice here that the ‘xyz’ part of the email ID is usually a gmail, yahoo, etc. which is a free email address. A legitimate job provider would never use.
Fake or new company name - If company name or oil and gas recruitment agency name is mentioned along with the free email id, then do a quick search on the company. Verify its existence and contact them via official email address and contact numbers mentioned on the website. Check their social media presence too. If the website and social media page look new while the company claims to be in business for a substantial amount of time, know for sure that there is something fishy.
Bad grammar and confusing job details - The scammers usually do not pay much attention to structure the mail. You can spot grammatical errors and even the job descriptions are not explained well or is completely different than your skillset and experience. Any authentic mail from a company or oil and gas recruitment agency will ensure an error-free, concise, and clear communication
Fee to conduct a job interview - No legitimate oil and gas company or recruitment agency will ever ask for money to conduct a job interview or to apply to job positions. If the mail says, the money will be refunded once you appear for a job interview, then please do not trust such claims as it is always bogus.
Asking for confidential personal information - Anyone asking for information that you will never put on CV, is a warning sign. It includes your bank details, passport copy, identity cards, your current residential details and so on. No genuine company will ever ask for such details before you sign the offer letter. If by chance, you have shared your bank details or another confidential detail to the scammer, contact your bank and email service provider and register a complaint against it.
Unknown source - There are countries who have strict spam rules and until you subscribe or give consent to the company, they cannot send you emails. So, if you receive an email from a company you haven’t contacted or have not applied for jobs, then be cautious it might be a scam.
The principle on which scammers operate is “Too good to be true”. Don’t entertain any job offer that offers a position, you are not qualified for or offers a salary which is unrealistically high. In the oil and gas sector, be careful not to reveal your passport/work visa details to the scammer. Remember, if you find anything which is way beyond the realistic expectations, then trust your instincts and drop the offer and do not respond.
See our infographic below for a quick summarized glance -
If you are looking for a job in the Energy sector then sign up today to stay updated with the latest industry news, apply for jobs and network - https://www.nrgedge.net/jobs
Searching for the right talent is often a tedious chore for the HR. However, with technological improvements, the usage of app-based recruitment has increased manifold. Recruiters and job seekers are increasingly adopting this new method. A mobile application simplifies the labor-intensive and time-consuming recruitment task and comes loaded with features that help to automate the recruitment cycle. For all the good, app-based approach can do, it still comes under fire from the critics. Here's our take on the pros & cons of App-based talent search.