Oil & Gas Middle East
1 January 2015
PA’s Justin Lowe, energy cyber security expert, is quoted in an article about oil and gas security. Justin discusses the effects of cyber security threats as companies begin to focus on going digital.
Commenting on the human aspect of cyber security, Justin believes that employees can sometimes pose the biggest risk to a company’s security, which often proves the hardest to address.
He explains that it is because of this, training personnel across all levels of the organisation is at top of every company’s to-do list.
Traditionally, security training is assigned for the IT department and is on more general business systems training, explains Justin. “More recently, however, companies have come to appreciate the importance of individual upskilling,” he says.
Justin comments on the training and development of employees’ skills: “The key message here is to make sure that the right training is developed and that there is some sort of skills framework, which means understanding what types of skills different personnel will need to have. You tend to find that the people who understand security aren’t necessarily the best people to communicate the risks. Security is an area where you can end up talking about lots of technical obscure concepts that actually turn people off, than help them understand what the issues are.”
Justin explains that to create better cyber security awareness within their companies, employers should have a top-to-bottom strategy: “It is fundamental for training and awareness specialists to be working with business leaders to be able to articulate and communicate those risks to the rest of the employees. The central people that everyone talks to need to be able to speak with external specialists or government representatives because it can be very difficult to understand exactly what is going on out there in the wild, what the latest threats are and how to respond to those.”
Justin comments on the decisions that business leaders are making as cyber-attacks against oil and gas companies are on the rise: “Often I find people jump to security solutions. They know there is a risk so they tend to buy the latest piece of software or the latest gadget. Usually, that is not the best return on investment and it is not necessarily a dramatic improvement. For example, data loss prevention software is great but can be very difficult to configure correctly and therefore to get working properly without impacting the normal business operations.
“We often find that people who jump into security solutions are not actually sitting back and thinking how to use their existing technology and do something better with their operating procedures; or just increase their awareness and get people to understand what they need to do rather than jump into a technology solution,” says Justin.