“Cyberattacks are one of the top risks we face at Aramco – on a par with natural disasters or physical attacks,” Nasser told the Global AI Summit 2022 in Riyadh.
“But while these attacks are growing in scale and severity, AI is helping fend off some of the threat. So our efforts should not only focus on greater efficiency or deeper customer insights, but also on security and resilience,” Saudi Aramco’s top executive added.
Aramco itself has been subject to several cyber attacks in recent years, the most notorious being the 2012 Shamoon malware that wiped out every computer at the Saudi oil firm. In 2018, a variant of the Shamoon malware resurfaced, cybersecurity experts warned at the time.
Last year, Aramco was targeted in a data leak that was the subject of a ransom demand of $50 million in cryptocurrency. In July last year, the world’s largest oil firm told The Associated Press that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.” A week earlier, BleepingComputer reported that Saudi Aramco had suffered a data breach in which cyber attackers had stolen 1 terabyte of proprietary data of Saudi Arabia’s oil giant and are selling it on the dark web.
It’s not only Saudi Aramco that has identified cyber threats as one of the top risks.
According to an August 2022 study by cyber risk rating and monitoring company BreachBits, most U.S. oil and gas firms are exposed to the risks of a cyber breach. The study ranked 59% of companies at Medium Risk for a cyber breach, 13% at Low Risk, and 28% at Very Low Risk.
“11% of the companies presented potentially serious, High-Risk threats. We identify and monitor cyber risks at scale as we did here, detect issues and then test them just as a hacker would for our customers,” BreachBits CEO and Co-Founder John Lundgren said last month.