Organisations, whatever their size, should know that they face highly resourceful criminals and law enforcement agencies are overwhelmed by the scale of their task.
Information security (including cyber security) begins in the board room, and directors will be held personally responsible for breaches that could have been avoided.
In the UK, Europe and beyond we are currently living through one of the most uncertain and transformative periods experienced in recent times and businesses are faced with increasingly challenging issues. The oil and gas and related industries are as at-risk as any other, and management must ensure that they are prepared for massive disruption from all sides.
Cyber security is a concern that is often shelved in favour of other priorities, but the potential consequences are dangerous to overlook. Experience has shown that companies of all sizes, including those with large networks or small standalone systems, are all at risk.
The use of the internet and communication networks has revolutionised the way that we work, share information and exchange data across a diverse range of organisations. One of the greatest challenges will be that organisations have different levels of competence and therefore you must ensure that everything is done to minimise exposure, with all necessary checks and protections put in place as well as preparations for the aftermath of any attack.
A recent report by Accenture found that, of those surveyed, a majority (69%) of respondents had “experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months”. Most people are so busy worrying about a technological silver bullet they completely overlook the weakest link – people. Such errors can be reduced by increasing user awareness and ensuring they understand the implication of their actions through education.
Criminals use whatever tools are available to them to gather intelligence for further exploitation, steal information or money, and create routes to more lucrative targets. Your technology, if you allow it, is merely one of those potential tools. They are looking for vulnerabilities to exploit – even your child’s phone or Facebook account could be used to get to you. Of course, vulnerabilities don’t need to be digital. An open door or a weak procedure is as vulnerable as an unpatched operating system. Criminals will mix and match to exploit whatever gets them there.
Those working on complex projects often provide multi-user access, allowing all stakeholders to access information at the same time. If, even unintentionally, details of the project were to be leaked or altered there could be damaging consequences. Even hackers who are not looking to cause physical harm can affect your company; obtaining private sensitive corporate information, using your system to hop into your clients systems, or even obtaining personal information about your employees.
However, we understand that the technology marketplace is a somewhat confusing space with vendors aplenty offering ‘The answer’ to managing your business, your precious clients and the resulting enormous amounts of sensitive data that are produced as a consequence.
It is no wonder that many organisations rely too heavily on their IT departments or outsourced IT services suppliers for support and advice, especially with regard to the risks of cybercrime.
Cyber security is an element of information security. Information security is an element of risk management. Risk management must be overseen by the board. The EU’s new data law (GDPR) will take effect in May 2018 (before Brexit) and recent statements from UK legislators and regulators indicate that this law will either be adopted in full or replicated in UK law.
No matter what the industry, in order to maintain a competitive advantage and uphold your integrity, companies must now be seen to be dealing with cyber security in a proactive manner, reducing vulnerability for clients and suppliers across the board. Everyone needs to feel confident that you are fully prepared with a response plan in place to react in the event of a cyber incident, which now seems to be a matter of when rather than if. Don’t get left behind.
BeCyberSure is a global specialist in information security and helps deliver cyber security education throughout the public and private sector supply chains.
Make Cyber Security part of the culture.
UK Mobile +44 (0)7815 119538
UK Office: +44 (0)20 3290 0686
US Office: +1 401 859 1923
From Adjacent Oil & Gas 4, August 2016