'Normally you wouldn't expect hardware to be compromised so fully that you need to replace everything'
After a cybersecurity incident hit petroleum refineries company Suncor last week, the employer is now replacing employee computers, among a series of other security measures, according to a report.
The company will replace desktop and laptop computers in waves to ensure the devices are safe to use, starting with "a small number of employees and contractors aligned with business criticality,” CBC reports, citing an internal communication dated July 3.
While it’s not clear how many computer units will be replaced, or which departments were affected by the cybersecurity breach, the decision to replace hardware is an indication of a serious situation, according to the report.
"Normally you wouldn't expect hardware to be compromised so fully that you need to replace everything," says Chester Wisniewski, a cybersecurity expert who is field chief technology officer at Sophos, in the CBC report.
While the number of cyber attacks dropped to 344 in 2023 from 419 in 2022, they resulted in a greater number of breaches at organizations, jumping from a 12-month average of 13 in 2022 to 30 in 2023, reports tech solutions provider CDW Canada.
Productivity impact of data breach
Last week's attack affected debit and credit transactions at gas stations across the country. It also restricted customers' access to the Petro-Points loyalty program.
It could also be affecting Suncor workers’ productivity if any IT problems are ongoing, says Geoffrey Cann, a former Deloitte partner and energy industry consultant, in the CBC report.
"Unless they had somehow some standby, ready-to-go, completely different computer system – that they could switch on while they remove the old systems – there would have to be some interruption in the day-to-day activities of the workforce.”
Suncor also told employees not to use social media on company devices, or let people tailgate behind them into an elevator, according to the report.
Earlier this year, the federal government banned the use of TikTok on workers’ government-issued mobile phones, citing cybersecurity concerns.
And in June, at least 100,000 workers in Nova Scotia were impacted by cybertheft last week, with cybercriminals taking sensitive worker information.
Cyber threats in oil and gas
In 2019, about a quarter of Canadian organizations classified as oil and gas had reported a cyber incident, CBC reports, citing data from Statistics Canada and the Canadian Centre for Cyber Security (the Cyber Centre).
“Like virtually all heavy industry worldwide, the oil and gas sector has embraced digital transformation of their OT in production, transportation, and distribution of their products. The digital transformation of energy sector OT has many management, performance, and productivity benefits. For example, it allows organizations to centrally monitor and manage OT devices that might be spread over a wide geographic area,” says the Cyber Centre.
“The Cyber Centre assesses that the digital transformation of OT assets is expanding the attack surface of vulnerabilities for cyber actors and exposing oil and gas sector OT assets to cyber threats.”
Ransomware is the primary cyber threat within the oil and gas sector, though it is also likely to be targeted by state-sponsored cyber espionage "for commercial or economic reasons,” according to the report.