June 20 has come and gone, and it appears that threats of a worldwide cyber attack against the oil industry caused little, if any, disruption. At least not anything that was disclosed publicly. The hactivist group called Anonymous, known for wearing Guy Fawkes masks, threatened to strike the oil and gas industry last week. In a video introducing OpPetrol, a masked member of the group voiced displeasure with how oil is priced in US dollars among its reasons for the planned attack. Not saying exactly what it planned to do, the group said it would target the US, Canada, England, Israel, China, Italy, France, Germany, Russia, and the governments of Saudi Arabia, Kuwait, and Qatar. The planned attack was highly publicized, capturing headlines in print and online worldwide. However, the day of the planned attack came and went with no plethora of press releases from oil companies saying their computer systems had been compromised. However, even if major oil companies were spared from the cyber attack, nowadays it is better to be safe and take precautions, than to take a chance and risk becoming the victim. Symantec said on its blog that these types of organized attacks may include distributed denial-of-service attacks, hacking servers and attempting sabotage, posting fake messages, defacing websites, or stealing and posting information. The company, like other technology firms, advised companies to look for unusual activity and have staff “trained on social engineering mitigation tactics along with regular security awareness training.” Having a game plan or policy in place in the event of a cyber attack should not be something companies start working on when word of a threat arrives. Companies should be proactive and have plans in places beforehand. Moreover, considering technology is constantly evolving and hackers are becoming savvier, it’s good to have a living document that is continuously updated with systems checked often. Key findings from the Symantec’s 2013 Internet Security Threat Report, which analyzes global threat activity, revealed there was a 42% increase in targeted attacks in 2012, and 31% of targeted attacks had small businesses – those with less than 250 employees – in the bull’s eye. One attack last year infected 500 organizations in one day, and one threat infected 600,000 Macs in 2012. Attacks that were Web-based jumped 30%, while the number of phishing sites spoofing social networking sites skyrocketed 125%, Symantec said. Jonathan Pollet, founder of Red Tiger Security, said such attacks against the oil and gas industry are growing. His company believes that the highly publicized events represent only about 5% to 10% of the actual attacks being carried out. Advice given by Red Tiger bears repeating: ensure operational control systems are segmented from the corporate network and know what types of communications are allowed between the corporate network and the operational networks; implement network monitoring solutions to monitor the corporate IT and the operational side of firewalls; have up-to-date backups of all critical systems that you can restore quickly if your operational systems are compromised; and develop a plan to operate manually if electronic SCADA and ICS devices are compromised. With Op Petrol, Anonymous told oil companies to “expect us.” Companies should always heed the warning. Contact the author, Velda Addison, at vaddison@hartenergy.com.