Saudi Aramco and US-based security contractor Raytheon this week agreed to establish a joint venture company that will develop, market and provide cyber security services in the kingdom and beyond.

Coincidentally, the oil giant made the announcement a few days after Italian oil and gas contractor Saipem confirmed that hundreds of its servers in Saudi Arabia, the UAE and Kuwait have been shut down due to a cyber attack originating in Chennai.

A few days later, a second oil field services contractor, UK-based Petrofac, confirmed its servers in the Middle East have also been attacked.

Both contractors work extensively with Saudi Aramco - one of the top targets of the millions of cyber attacks the region receives every year - and other oil and gas companies in the region.

Following the first attack in 2012, in which Shamoon virus disabled Saudi Aramco’s operations for several days by destroying 30,000 PCs – and a more benign second attack in late 2016 - it appears that the oil giant has implemented measures to minimise the reoccurrence of such attacks on its servers, networks, systems and desktops.

The presence of a stronger cyber security defence and regulations at the oil giant means attackers are now turning to their suppliers and contractors, with the goal of inflicting substantial disruption and damages to the oil giant’s assets, whether those targets are refineries, offshore oil fields or pipelines.

Fortunately, this week’s attacks appear to have been confined to the contractors’ servers and computers and have not impacted project sites or resulted in major data losses.

This means both contractors have enough time to reinforce their information technology (IT) infrastructure and processes particularly in their Middle East offices, and highlight the need for employees to be informed and vigilant about the many forms of cyber threats they face to prevent reoccurrence of such attacks in future.

The most recent attacks also highlight the risks, and the higher level of security required, as energy companies move to embrace new technologies ranging from internet of things (IoT) and cloud to big data, and towards a more integrated supply chain.

The billions of dollars that these technologies promise to generate oil and gas clients in terms of customer savings, lower water consumption and emissions, and potentially higher profit, will be moderated by the significant investments required on threat protection software, compliance, risk management, intrusion detection and prevention systems, and a cyber security incident response plan, among others.