Sloppy security policies are leaving even large energy companies vulnerable to cyberattacks routed through their subcontractors, according to a report released Wednesday by Houston-based security firm Alert Logic.
While the largest companies in the energy industry have taken steps to protect themselves from intruders, they have failed to insist on the same vigilance from their subcontractors, according to the report.
“To put it nicely, I’d say it’s not a mature process,” said Stephen Coty, director of threat research for Alert Logic. “I don’t think that they hold their contractors up to the same standards that they do their employees. I think that’s a growth issue, or understanding the risks.”