Digital Exclusive: How oil and gas operators can strengthen OT security in 2026
T. PATTERSON, VikingCloud, Chicago, Illinois (U.S.)
Global demand for oil and gas remains high, and the demand for digital transformation is increasing. While digital transformations within energy supply operations can boost accessibility and efficiency, new infrastructure brings a morass of complex, far-reaching cybersecurity challenges.
Many of these challenges arise from the convergence of information technology (IT) and operational technology (OT). In particular, potentially outdated OT is heightening the risk of critical data leaks and operational slowdown. It is estimated that ~94% of the top 400 oil and gas firms worldwide have experienced at least one data breach,1 meaning no company is too large to be at risk.
Why cybersecurity matters more in midstream and downstream operations. A major misconception regarding cybersecurity in the oil and gas industry is that safeguards only protect sensitive data. However, in the midstream segment, hackers can tap into pipelines, disrupt supply chain links and even alter controls, risking physical damage and possible fatalities.
Downstream, the picture is just as frightening. With refineries becoming ever-more digitalized and reliant on smart devices via the Internet of Things (IoT), hackers can exploit weak points to compromise systems. As with the midstream, this can present risks to life as well as large-scale damage and production slowdown.
Ransomware, in particular, poses serious threats to both the midstream and downstream sectors, potentially locking operators out of vital facilities and safety functions as a means of financial extortion. Statistics show that the vast majority of attacks on the utilities sector are external, and that ransomware attacks alone are surging by more than 40% yearly.2
The OT cyber-threat landscape in 2026. The new year brings a variety of sophisticated threat vectors and challenges posed via OT. For example, while the rise of machine learning might be boosting companies’ defenses to some extent, hackers are increasingly using artificial intelligence (AI) to their own advantage to automate attacks and build malware at a faster rate than ever before.
Additionally, OT is increasingly invested in the IoT, whereby smart devices connect to each other to automate checks, share data and boost operational efficiencies. Case in point: there are estimated to be more than 21 B connected and operational IoT devices worldwide at any given time3—it is hardly a passing phase.
Consequently, hackers are using this reliance on connected technology to exploit loopholes and dive deep into sensitive infrastructures, whether for financial gain or to spread mass panic. In the fall of 2024 alone, hundreds of thousands of IoT-connected devices came under attack, as seen with September’s Raptor Train botnet (a massive IoT botnet that compromised > 200,000 devices worldwide, discovered by Black Lotus Labs in 2024).4,5
Common security gaps across energy and petrochemical facilities. Cybersecurity gaps that are most likely to harm companies operating energy and petrochemical facilities are, by and large, those that affect other industrial firms. However, that does not make these gaps any less critical or any less difficult to manage without expert guidance.
Typical gaps that allow hacker access can include:
- Poor personnel training to handle digitalized systems and manage data shared between them
- Increased IT/OT convergence without effective planning to secure the larger attack surface
- Limited visibility over OT and poor segmentation of IT and OT networking
- Outdated systems or facilities that cannot connect securely through the IoT or lack authentication and encryption outright
- Ongoing failures to thoroughly check and update systems with necessary security patches
- Use of catch-all IT security processes and protocols, whereas petrochemical OT infrastructures benefit from specific oversight of programmable logic controllers (PLCs) and specific devices
- Poor incident response planning, whether through a lack of cybersecurity education, poor budget management or intentional ignorance
- Risks posed by third-party vendors and suppliers with security weaknesses
- Over-reliance on the IoT (i.e., connecting devices for the sake of doing so without careful risk and benefits analyses)
- Over-complex setups and integrations (falling into over-reliance for the sake of doing so).
Practical steps operators can take to secure industrial control systems. Securing industrial control systems within the energy sector is not a simple task, nor is it one that can be rolled out within a matter of weeks. It is an ongoing process that may rely on firms hiring specific cybersecurity experts to join internal teams or to operate on an outsourced basis.
Regardless, companies can take several steps to ensure their control systems are better prepared to fight back against hackers’ increasingly sophisticated toolkits and strategies:
- Schedule and document patch management cycles to ensure no systems are running on outdated versions (thus allowing hackers to exploit loopholes).
- Carefully assess all systems and connections under your control, auditing and removing outdated, unnecessary or inefficient systems to reduce your attack surface (do not adopt or increase your IoT setup unless you have complete buy-in).
- Ensure controls have clearly outlined access levels, with multi-factor authentication (where legacy systems allow) and zero-trust principles (i.e., establish continuous authentication and identity-based access).
- Roll out secure password processes, ensuring personnel know when to update access details and how to set phrases with strong entropy.
- Segment networks carefully and isolate critical systems to prevent all devices from falling to one or two attacks (make it more difficult for hackers to bring down the whole infrastructure).
- Develop a network monitoring system that continuously watches and responds to potential threats and anomalies, such as watching for unusual access requests.
- Have a clear response and restoration plan in place, identifying the chain of command and responsibilities for reacting to major threats.
- Ensure all personnel are regularly trained and tested on cybersecurity essentials as a priority.
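The segmentation and monitoring steps above can be checked against recorded traffic. The following is an added example, not part of the original article: it audits flow records for traffic that crosses the OT boundary outside approved conduits. The zone subnets, the conduit allowlist and the flow records are constructed for illustration; the port numbers are the standard ports for S7comm, Modbus/TCP, OPC UA, DNP3 and EtherNet/IP.

```python
import ipaddress

# Constructed zone map (assumption): replace with the site's real subnets.
ZONES = {
    "it":  ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.50.0.0/24"),
    "ot":  ipaddress.ip_network("10.90.0.0/16"),
}
# Standard industrial protocol ports; reaching them from outside OT is rated critical.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}
# Constructed allowlist of approved conduits: (source zone, destination zone, port).
ALLOWED_CONDUITS = {("it", "dmz", 443), ("dmz", "ot", 4840), ("ot", "dmz", 443)}


def zone_of(addr):
    """Return the zone name for an address, or 'external' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def audit_flows(flows):
    """Flag flows crossing the OT boundary that bypass the approved conduits."""
    findings = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz or (sz, dz, port) in ALLOWED_CONDUITS:
            continue  # intra-zone traffic or an approved conduit
        if "ot" not in (sz, dz):
            continue  # this audit only covers the OT boundary
        proto = ICS_PORTS.get(port)
        severity = "critical" if proto and dz == "ot" else "high"
        findings.append({"src": src, "dst": dst, "port": port,
                         "path": f"{sz}->{dz}", "proto": proto, "severity": severity})
    return findings


# Constructed flow records (src, dst, dst port), e.g., parsed from firewall logs.
SAMPLE_FLOWS = [
    ("10.10.4.20", "10.50.0.8", 443),     # IT -> DMZ over HTTPS: approved
    ("10.50.0.8", "10.90.1.15", 4840),    # DMZ -> OT over OPC UA: approved
    ("10.10.4.20", "10.90.1.15", 502),    # IT -> PLC over Modbus: bypasses the DMZ
    ("10.90.1.15", "203.0.113.7", 443),   # OT -> internet: unexpected egress
    ("10.90.1.15", "10.90.2.3", 502),     # OT -> OT: intra-zone, ignored
]
```

Calling `audit_flows(SAMPLE_FLOWS)` returns two findings: the direct IT-to-PLC Modbus flow and the OT host reaching an external address.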
Building cyber resilience for the future of energy operations. Ultimately, no oil or gas firm wants to become the next Colonial Pipeline, at least with regard to its infamous 2021 ransomware attack.6 The event led to mass fuel shortages, and with ransomware and AI hacking numbers ever increasing, we never truly know when the next scenario like this will occur.
That is why now is the best time for oil and gas firms to think carefully about their infrastructures, and to prioritize a continuous focus on cybersecurity.
LITERATURE CITED
1 Corner, E., “Report: Over 50% of top oil and gas firms hit by data breaches in last 30 days,” Oilfield Technology, May 2025, online: https://www.oilfieldtechnology.com/digital-oilfield/20052025/report-over-50-of-top-oil-and-gas-firms-hit-by-data-breaches-in-last-30-days/
2 VikingCloud, “46 ransomware statistics and trends report 2026,” December 2025, online: https://www.vikingcloud.com/blog/ransomware-statistics
3 Sinha, S., “State of IoT 2025: Number of connected IoT devices growing 14% to 21.1 billion globally,” IoT Analytics, October 28, 2025, online: https://iot-analytics.com/number-connected-iot-devices/
4 Verizon Business, “2025 Data breach investigations report,” 2025, online: https://www.verizon.com/business/resources/T375/reports/2025-dbir-data-breach-investigations-report.pdf
5 Lakshmanan, R., “New ‘Raptor Train’ botnet compromises over 200,000 devices worldwide,” The Hacker News, September 18, 2024, online: https://thehackernews.com/2024/09/new-raptor-train-iot-botnet-compromises.html
6 Easterly, J. and T. Fanning, “The attack on Colonial Pipeline: What we’ve learned & what we’ve done over the past two years,” America’s Cyber Defense Agency, May 7, 2023, online: https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years
ABOUT THE AUTHOR
Thomas Patterson is the Vice President of Product Management: Platform, Mobile, Risk and AI, at VikingCloud. Patterson is a highly experienced and passionate product leader in the cybersecurity and technology industry. With a strong background in product management, security and data privacy, he has a proven track record of driving innovation, growth and successful product launches. Patterson is responsible for overseeing the VikingCloud platforms, mobile applications and AI. He is skilled in building core services, shared infrastructure and centralized experiences for a seamless platform experience.


