While most would think that the risks junior oil and gas companies are taking in exploring new frontiers as far away as the remote reaches of Africa are related to government instability and conflict, another risk they face is right at home and lies right beyond their network firewalls.
Cyber security breaches are becoming more common place as the ranks of junior companies swell and take on new exploration venues with a great deal of energy. But at home their firewalls are not safe and hackers are being paid to find out what juicy exploration news is being discussed in their boardrooms.
In Canada—home of some of the most tenacious of these exploration juniors—local media reported late last year that the internal firewall of Telvent Canada Ltd. had been breached by foreign hackers.
These hackers can represent anyone from a competitor to an organized crime group to political and environmental activists. And the information they want can be anything from preliminary exploration results, merger and acquisition talks and expansion plans to geological data and technological information. All of it is valuable. All of it is sellable.
According to Ernst & Young, most oil and gas companies don’t have high enough network security standards. This is demonstrated by the rising incidents of external cyber attacks. Some companies in the industry don’t even have a formal security framework in place.
Everything changes with everything else, and while exploration is getting both smaller and bigger at the same time, cyber attacks are being more targeted, taking advantage of individuals who use their own electronic devices to connect to their company’s network. This is where the biggest weaknesses emerge.
There is an accelerating trend for oil and gas companies to require their employees to use their own mobile devices for work. It’s such a trend, in fact, that it even has its own acronym: BYOD, or bring your own device. But because of the security implications this entails, analysts predict that 65% of enterprises will adopt a mobile device management solution in the next five years.
What this means is that they will need a more secure way to handle sensitive information if their employees are using their own devices, storing company information on those devices and linking up to company networks. Lines between personal and corporate data can be very blurry and this is exactly what cyber attackers are targeting.
There are other weak links, too. Smaller oil and gas exploration and production companies often require external assistance to identify opportunities in foreign countries, to network with the right people and to navigate government figures and regulations. The help they enlist creates another chink in the armor as important data is sent back and forth.