Elevated risk of cyber-attacks on the Oil & Gas (Energy) sector

While cyber-attacks aren’t anything new and are part of everyday business risk, the increased number of attacks against the Oil and Gas industry is alarming. Traditionally, when companies get “hacked”, it’s for the most part software bots scanning the internet for companies that have unpatched servers or open security holes (for example, Equifax was hacked due to an unpatched Apache Struts vulnerability). When it comes to Oil and Gas, the stakes are higher, and so is the payoff, which is why more and more businesses in the energy sector are coming under attack.

When there’s a specific target, the above methods are still employed; however, there’s the added vector of individuals actually putting effort into compromising the systems. The human factor brings potential social engineering, expertise, and the concentrated effort of sometimes numerous individuals on a single target, and that is what makes this so dangerous. Finally, actual hacker groups often have access to “0-Day vulnerabilities”. These are vulnerabilities that haven’t been discovered and for which the software developer hasn’t created a patch. These are often used when groups are specifically targeting an organization, person, or entity.

With the decline and recession of the energy industry from 2014 to 2017, numerous companies have reduced (and in some rare cases even completely cut) their IT budgets. This includes laying off staff who actively monitor these systems, changing IT providers, and even moving to external resources (such as cloud providers) so that the company doesn’t have to maintain its own systems.

This dynamic and changing approach to IT has had its own consequences. Numerous businesses have removed most of their IT infrastructure just because they have moved to the cloud, removing all their internal IT security systems, which are still required no matter where their data is stored. These systems include centralized endpoint (computer) protection, perimeter protection (corporate firewalls and unified threat management systems), active monitoring systems (monitoring the environments and security), and the infrastructure that makes all these systems work. Even though some of these companies now have little or no data on their actual physical network, their credentials have become very easy to compromise, which allows attackers to access their cloud resources. They’ve essentially stripped away numerous security layers.

The recent hack on Deloitte brings emphasis to the ease of compromising some cloud-based systems. The attacker gained access to their Microsoft-hosted e-mail mailboxes by getting access to the main single administrative account (username and password) which controls everything. I firmly believe in general situations that staff actively monitoring these systems could identify and stop intrusions, even stopping them from ever occurring. I also believe it would have been a different story with everything on-premise, restricted behind firewalls, perimeter security, and the complexity of the attacker not knowing or being familiar with the internal corporate network.

In addition to the move to cloud resources to save costs, companies have changed IT providers to low-cost “discount” providers. These companies advertise as providing the same services that a company is accustomed to receiving but at a fraction of the cost. These providers often don’t provide the same services, outsource support/services to other 3rd party companies (sometimes in other countries), store sensitive information on 3rd party servers, and don’t take security seriously since they focus on the number/volume of their client base and not on the quality of their work. With the added pressure of clients restricting budgets, these companies can sell and implement incorrect solutions that are often sized for a different type of business. All of this contributes to their security vulnerabilities.

Traditionally, Oil and Gas has always been big bucks! As situations and issues have arisen, money was often thrown at these issues to resolve them, and this was also true of their IT systems. Over years and years, management at these companies would rarely get involved, just paying bills and expecting it to work. With the decline and recession in the industry, they just assumed that they could get the same service when switching to the discount providers mentioned above or migrating to cloud-based resources.

Oil and Gas has always had strict IT requirements. This is due to the sensitivity of the data, compliance requirements (with regulatory bodies, associations, health and safety), value of intellectual property, adhering to governmental privacy and information acts, and investments they’ve made in big data. Additionally, due to political factors and human factors (such as environmentalism), the industry has always been under heavy scrutiny for liability (which requires even more care in maintaining and protecting data and records). This all adds to the need to protect this data.

So here we are approaching Q4 of 2017 at a time when the industry is finally picking up. Cash is starting to flow, as well as the oil in pipelines, and with cyber security risk on the rise, it’s a dangerous combination that businesses need to be aware of.

Businesses and organizations need to pay special attention to their IT systems. Management needs to be actively involved, educated, and asking relevant questions. When things don’t seem right, it’s for a reason.

Not having a proper budget or resources for IT is like removing the insurance policy on millions of dollars worth of assets and equipment. You wouldn’t do the latter, so why do the former? Why would you put your IT systems that run your business and operations at risk?

 

We’re proud to announce a strategic partnership with Action Insurance Group!

Action Insurance Group is a leader in providing cost-effective and comprehensive commercial insurance solutions. They provide a multitude of corporate insurance products and solutions including coverages for Information Technology and Cyber-Crimes.

By adding this partnership to our growing network, we continue to establish and maintain ourselves as a leading all-encompassing turnkey IT solution and Managed Services provider for businesses. We differentiate ourselves from competition by managing and advising both on the business and technical aspects of information technology, where our competitors usually strictly focus on the technical.

Contact us today for more information!

 

Action Insurance Group

http://www.take-action.ca

We’ve partnered with 10ZiG to provide cutting-edge Thin Client and Zero Client endpoint devices for the latest virtual desktop solutions.

Today we’re happy to announce our new partnership with 10ZiG. 10ZiG Technology provides cutting-edge Thin Client and Zero Client endpoint devices for the latest virtual desktop solutions.

We have exciting plans which include providing VMware Horizon View solutions and utilizing 10ZiG endpoints (zero clients) for end user connectivity. We also have a few special projects in the works which may include 10ZiG’s technologies, so stay posted for those!

Please feel free to contact us for your virtualization and VDI requirements!

 

10ZiG Corporate Website: https://www.10zig.com/

Here’s to 11 years in business!

Today, we celebrate our 11th year in business anniversary!

We would like to say thank you to both our clients and vendors. Without these relationships and valued business partners, none of this would be possible!

For 11 years we have been providing IT Solutions and Services, as well as Managed Services to many different types and sizes of businesses in many different sectors. We’ve maintained and supported environments in multiple cities (from Calgary, Alberta to Carlyle, Saskatchewan), and multiple countries (from Canada to Australia).

Our Managed Services offering has helped our clients achieve their I.T. goals. We focus on quality, integrity, and high uptime to provide secure and feature rich solutions and environments. We also support these solutions and customers 24 hours a day, 7 days a week, and 365 days a year.

What makes this anniversary even more special is that it marks our expansion to Vancouver, British Columbia (as well as the Lower Mainland)!

Our new Vancouver mailing address:

Digitally Accurate Inc.
Suite 302
1350 Burrard Street
Vancouver, BC
V6Z 0C2

We can be reached by telephone at (604) 901-0140

We’d love to help you or anyone you know who is looking for IT Solutions and Services, so please don’t hesitate to contact us. We have a very attractive referral program in place!

Here’s to another year!

We’ve expanded to Vancouver, BC and the Lower Mainland!

Today, 10 days away from our 11th year in business anniversary, we’re happy to announce that we have officially opened our doors in Vancouver, BC and the Lower Mainland area.

For 11 years we have been providing IT Solutions and Services, as well as Managed Services to many different types and sizes of businesses in many different sectors. We’ve maintained and supported environments in multiple cities (from Calgary AB to Carlyle SK), and multiple countries (from Canada to Australia).

Today we expand to the lower mainland in beautiful British Columbia and bring with us our experience maintaining, supporting, and managing corporate IT Infrastructure!

Our new Vancouver mailing address:

Digitally Accurate Inc.
Suite 302
1350 Burrard Street
Vancouver, BC
V6Z 0C2

We can be reached by telephone at (604) 901-0140
We’d love to help you or anyone you know who is looking for IT Solutions and Services, so please don’t hesitate to contact us. We have a very attractive referral program in place!

Today is our 10th year anniversary!

Today we are happy to announce we’ve officially been in business for 10 years! It was exactly 10 years ago today that we were incorporated (July 27th, 2006).

The 10 years have passed by very quickly and have included many challenges and obstacles. Throughout the years we have gone from simply providing I.T. Services billed hourly to transitioning, back in 2011, into a full Managed Services Provider that designs, sells, implements, manages, and supports I.T. Solutions and Infrastructure.

We’ve come to build expertise and specializations in technologies such as Storage, SANs, Virtualization, Infrastructure, Disaster Recovery, Remote Office Connectivity, and Security, just to name a few, and have evolved with this expertise to benefit specific markets such as Homebuilding, Manufacturing, Oil and Gas, Service Providers, and numerous others.

In the past 10 years we’ve provided consulting, services, and advice to over 80 companies, 5 years ago trimming that number down to a select group of companies that required mission critical Infrastructure services and Managed Services.

We’ve partnered with some of the leading companies like HP, HPe, Microsoft, Sophos, IBM, Lenovo, Symantec, and Veritas that have enabled us to provide top notch best practice solutions for our clients, thus enabling them to manage and support these environments in a cost-effective manner, contributing to their business functionality, and providing a solid foundation for them to work on their bottom line.

We cannot say THANK YOU enough to our wonderful clients, and those who have worked with us in the past. We would also like to thank our vendors and the various channel partner support teams we have worked with during solution design, technical pre-sales, and supporting the products after implementation.

 

Cheers to another 10 years of success, and cheers to expanding to new markets and areas!

 

Stephen Wagner

President

Digitally Accurate Inc.

Ready to Virtualize? Here’s some important considerations…

When a business makes the decision to virtualize, a whole new world opens up. Virtualization increases the capabilities of performance, disaster recovery, uptime, management of servers, management of infrastructure, and the list goes on.

However, you need to make sure you Virtualize properly!

Often businesses make ill-informed decisions either based on budget, or based on misinformation provided by I.T. professionals. I want to talk briefly about a few key points which should be in your mind before making the jump to a Virtualized environment in regards to design of your solution.

1) Performance

In virtualized environments, there are 2 key points that usually bog down the infrastructure: storage and memory (RAM).

Storage:

I’m sure you’re all familiar with the “thinking” light on computers; this is actually an LED that shows hard drive access (both writes and reads). You know how much it flashes on a single computer when you’re doing things. Now imagine 10-20 virtualized servers using the same storage system: the LED would be on solid. Enterprise (and server) storage is designed to allow more throughput and higher speeds, but keep in mind that under normal conditions even enterprise storage is designed for a single system or server to access it and provide resources to the network. This is why you really need to plan out and design your storage system.

All virtualization storage systems should be designed with virtualization in mind. With numerous virtual machines accessing the storage system (or SAN), the SAN not only has to provide high speeds and throughput, but also has to be able to process high IOPS (Input/Output Operations Per Second). The storage has to respond to these I/O requests at very high speeds, all while providing high throughput of data access to each of the virtual machines. Right now for small/medium sized businesses, we recommend the HP MSA2024 SAN, which was designed for virtualization, provides extremely high IOPS and throughput, and is extremely reliable with dual controllers. The dual controllers allow for multiple links from the SAN to the actual physical servers, which provides higher throughput as well as redundancy in case a single link goes down.

There are a lot of inexpensive NAS/SAN devices out there that advertise as VMware ready, and while they are compatible, you will experience HORRIBLE issues in a production business environment with numerous VMs. I always say that these devices should only be used in labs, testing, or hobby environments. You need to expect that your SAN (including drives) will cost more than 1-2 servers.

Memory:

I can’t stress enough how important it is to load your physical virtualization host servers up with as much memory as possible. Thankfully in the last few years, using the latest generation of HP servers, RAM has become EXTREMELY affordable.

Don’t plan your solution with ONLY the amount of RAM you’ll need for the virtual machines running on a single host. In a 2-3 physical host environment, add up all the RAM that all your virtual machines will use (across all hosts), then take that value and multiply it by 1.5; the product should be the amount of RAM you have in each physical host. Keep in mind, if two of your physical hosts die, you’ll want to move all the VMs from the failed hosts on to the healthy host which is still running.

Further comments:

In most virtualization environments for small businesses, I always recommend to load up each physical host server with (2) X 8 or 10 Core Xeon processors. While this isn’t a rule, I always like to make sure that the virtualized CPUs correspond with a physical core, and try not to have them shared (although it’s fine if you do).

 

2) Disaster Recovery

This is one of the most overlooked topics in virtualization. A lot of professionals actually believe that snapshots are backups; they are NOT. Snapshots are used for testing and to roll back when applying patches, and they are involved with backups, but they are not actual backups. Snapshots are great, but they aren’t what you’re looking for. I actually prefer not to leave virtual machines in a snapshot state for performance reasons.

It’s critical to build a disaster recovery solution that will actually allow you to have the data (or backup media) off-site. This can be achieved by using a backup system that pushes backups over fiber to a remote location, or software like Symantec Backup Exec that will allow you to back up to removable disk, or to tape storage for the larger environments. You want to be able to have multiple point-in-time backups so that you can restore a system or file from 3 months ago. You don’t want to be stuck with a single backup.

A good consideration is to utilize Backup Exec to back up the virtual machines to disk, then to tape. This will quickly back your virtual machines up, then move/replicate the backup to tapes which in turn can be taken off-site. I know tape backup technology has been around for a while, but it’s anything but old. The latest tape backup technology can store multiple times more data than removable disks can, and it also offers superior read/write speeds versus hard drives. Tapes are also super easy to transport.

 

In conclusion, keeping these key points in mind can help you implement the best virtualized solution. It’ll help you get the best bang for your buck, and will help you avoid some problems that most first-time virtualizing companies are making today.

 

Call us for more information, and how we can help you get started with virtualization.

Client Configuration Example

In an effort to better explain Digitally Accurate’s capabilities and demo some of the solutions we implement, support, and manage we’ve decided to start putting some of our client configurations online!

This specific configuration we put together for an Oil & Gas company.

Objectives and Requirements:
-Mass Storage (Client requires 5TB+ enterprise grade storage)
-Close to 100% up-time
-Disaster Recovery solution requiring full backups weekly, and daily differentials, must be taken off-site
-Security (Both network and Anti-Virus)
-Remote Access (VPN, RDP, and Mobile devices)
-24×7 365 Unlimited Technical Support (On-site and Remote)
-Remote Monitoring
-IT Management
-Pro-active Infrastructure Management and Maintenance
-24×7 Hardware Monitoring (Client requires immediate replacement)

Solutions:
-Microsoft Windows Small Business Server Premium Edition
-2 X HP Proliant DL360 G6 Server
-Sophos Astaro Security Gateway 220 (Full Guard Bundle)
-Symantec Backup Exec 2012
-2 X HP MSL2024 StoreEver Tape Library (1 X LTO-4 SCSI, 1 X LTO-6 SAS)
-2 X HP SmartArray P800 Controller
-HP U320E SCSI Controller
-Dlink DGS-1210-48 SmartSwitch
-Symantec Protection Suite
-APC Smart-UPS XL 3000VA Extended Runtime Uninterruptible Power Supply
-APC Smart-UPS XL 48 Volt Extended Runtime Additional Battery Pack
-Platinum Managed Services from Digitally Accurate

 

HP Rack Keyboard and Video Display

125TB (compressed) of LTO-6 Storage

100TB (compressed) of HP LTO-6 Storage

MSL2024 Tape Libraries with LTO-4 and LTO-6 Tapes

HP MSL2024 Tape Libraries with LTO-4 and LTO-6 Tapes

Sophos ASG and Tape Library

Sophos ASG220 and Tape Library

Servers and Storage

2X HP DL360 G6 Servers and 2 X MSA60 Storage Arrays

2 X MSL2024 Libraries

2 X HP MSL2024 Libraries

Company website has been updated!

As of today, we have rolled out a new website on our corporate site. Any feedback is appreciated!

Go to https://www.digitallyaccurate.com to check out the new layout and let us know what you think!

Digitally Accurate Inc. hits 6 years in business!

Digitally Accurate Inc. turns 6 years old today! Thanks go out to our awesome clients and vendors who made this possible!

Go to https://www.digitallyaccurate.com for information!