Over the weekend the Federal Parliament, Channel Nine, the Victorian health network, were successfully hacked by cyber terrorists. Just today, Taylors Wines announced its systems had been compromised too. The attacks were just the latest this year in an escalation of cyberattacks on big law firms and other businesses.
These attacks should be a "huge wake-up call" for Australian oil and gas and broader energy companies, according to experts, which warned the sector could be next.
In an exclusive interview with Energy News, cybersecurity analyst and chief executive of cybersecurity firm Secolve, Laith Shahin, said energy companies should be "severely worried."
"Oil and gas companies should be very worried. The threat is real," he said Monday.
"Energy and resources companies are the bread and butter for the Australian economy. It makes sense [the] resources' industry could be next," Shahin said.
Late last year Secolve released a report looking at resource's companies' preparedness for cyberattacks, noting that the majority of businesses were "failing to put in place appropriate measures to prevent attacks."
Cyberattacks could most likely target critical industrial operating systems at offshore and onshore oil and gas sites, according to Shahin.
"Attacks take various shapes, it could hit operational disruption, or be aimed at their IT network to make accessing the network harder," he told Energy News.
He said just one third of respondents to a survey he conducted in September had implemented new software and hardware over the last two years.
One in every 10 businesses in the resources sector had not reviewed or updated their systems at all.
Shahin said both IT and OT systems across industry needed to be reviewed.
"It is just as important whether you are a large enterprise such as BHP, or a small cap," he said.
"There is a misconception that big companies are always the target. That is why a lot of smaller companies don't have secure networks, they think ‘why would anyone hack me?' but everyone is a target and a critical point in the supply chain."
"To get to a larger company, cyber attackers might target the small players to get into the larger players," Shahin said.
Shahin also warned that companies could already have been hacked without them knowing.
"In many instances attacks take place without companies even knowing they've taken place."
Shahin said while it might be too late for some companies, a proactive approach in the future was needed.
In the meantime, Shahin said companies should ensure visibility across their networks, and dust off incident response plans to prepare.
While Federal Parliament was attacked over the weekend, a spokesperson from the National Offshore Petroleum Safety and Environmental Management Authority (NOPSEMA) said it had not been subject to cyber attacks.
