Colonial Pipeline is Not Alone: Ransomware Risk in the U.S. Oil/Energy Sector

Colonial Pipeline is Not Alone: Ransomware Risk in the U.S. Oil/Energy Sector

After last week’s catastrophic cyber incident targeting Colonial Pipeline, could more U.S. Oil and Energy companies be at risk of a ransomware attack?

Bitsight reviewed the cybersecurity performance data we have collected on more than 2,000 of the largest U.S.-based Oil and Energy companies. We find that:

  • 62% of these companies are roughly 2X more likely to experience a ransomware attack due to their cybersecurity performance.
  • Nearly 100 companies are at least 4.5x more likely to experience a ransomware attack due to their cybersecurity performance.

U.S. Oil and Gas companies should assess their security programs to discover any gaps that could be exploited by attackers, particular with respect to vulnerability management, patching, configuration management, and endpoint security. Bitsight believes that achieving consistently strong security performance is critical for organizations to reduce the risk of experiencing a ransomware event.

Our Methodology

Bitsight reviewed the cybersecurity performance ratings of more than 2,000 Oil and Energy sector companies headquartered in the United States as of April 30, 2021.

Bitsight continuously and non-intrusively assesses organizational cybersecurity performance by evaluating security performance observations across 23 different categories, including compromised and exposed systems, critical vulnerabilities, patching rates, software security, and other key issues. Bitsight processes more than 250 billion security measurements on a daily basis to provide an objective security rating (using a 250-900 scale) based on its observations that is independently verified to be correlated with breach risk.

Weaker Security Performance = Higher Probability of Ransomware

In recent years, the number of ransomware events has increased dramatically, resulting in significant financial losses for global organizations -- according to Aon’s 2020 Cyber Insurance Snapshot, ransomware attacks have increased 486% over the past two years. According to data compiled by the GeoTech Center, the global cost of ransomware attacks soared from $11.5 billion in 2019 to $20 billion in 2020, with the average downtime for an organization rising from 6.2 days to 16.2 days.

Bitsight has collected hundreds of publicly disclosed ransomware incidents affecting organizations over the last several years. We have identified trends, correlations, and other relevant connections between security performance as measured by Bitsight and ransomware probability.

Bitsight Executive Report Example

New! The Security Ratings report is now the Executive Report. Request your report to see enhanced analysis such as your rating, likelihood of ransomware incidents, and likelihood of data breach incidents.

Bitsight’s research shows that organizations with security performance ratings below 750 have significantly increased likelihood of experiencing a successful ransomware event. We compute the probability of being a ransomware victim for six different ratings groups. For each group, we then compute the relative probability compared to companies with the strongest observable cybersecurity performance (indicated by ratings above 750)

U.S. Oil and Gas Companies at Increased Risk of Ransomware Attack

Bitsight finds that U.S. Oil and Gas companies performing below the 750 rating threshold are at greater risk of a devastating and disruptive ransomware attack. We find that 62% of the largest U.S. Oil and Energy companies are at heightened risk of ransomware attack due to their cybersecurity performance. Nearly 100 companies are at least 4.5x more likely to experience a ransomware attack due to their cybersecurity performance.

Key Recommendations

The Colonial Pipeline attack has brought renewed attention to the issue of ransomware in the Oil and Gas sector and broader critical infrastructure environments.

U.S. Oil and Gas companies should immediately assess their security programs to discover any gaps, particular with respect to vulnerability management, patching, configuration management, and endpoint security. Maintaining excellent cybersecurity performance over time is critical to reducing the risk of experiencing a ransomware event. Patching new and older critical vulnerabilities early and often remains a simple and basic, yet incredibly important factor in reducing risk.

As the U.S. government considers responses to the ransomware epidemic, prioritizing fundamental security program improvements and measuring the effectiveness of organizational security programs will be critical in improving the state of national security.

For assistance measuring your security performance, please contact Bitsight.

Ransomware Trends eBook

Ransomware attacks have been rising at an alarming rate — with victims ranging from one of the largest fuel suppliers in the United States to Ireland’s Department of Health. Download our ebook to learn more about:

  • The latest tactics used by ransomware groups
  • Bitsight’s analysis of data on hundreds of ransomware events
  • Best practices to protect your organization