Recently published research from Frost & Sullivan and Telstra looks into IT security in the Mining, Gas and Oil sectors. The white paper highlights six key insights into how businesses should respond to potential cyber-threats, internationalised cyber-crime and hacktivism.
1. Protect critical assets to maintain business continuity
As systems become more complex and widely distributed, large, geographically dispersed companies need to be aware of what and where their cyber-assets are.
“This industry revolves around the Internet of Things and remote data management – we’re open to more vulnerabilities,” says Alan Hindes, Industry Executive, Mining and Oil and Gas at Telstra. “What do you do about protecting data? How do you avoid business and reputational losses? What are companies doing about achieving a holistic view of information security?”
2. Build awareness of information security throughout the organisation – it’s not just a problem for the IT team
The research shows that creating a culture of information security, where every employee is aware of their obligations to act securely and to protect company assets, is critical.
The white paper’s writers noted that 57 per cent of security incidents in the last 12 months were a result of human error. The loss of employee end devices containing confidential information was the next most common cause of data loss. The human factor is clearly important.
“Many data breaches are internal – either conscious or as a result of behaviour that doesn’t consider the broader security context,” Hindes says.
3. Fund security initiatives to match the real threat landscape
The white paper also highlighted the importance of maintaining funding for IT security infrastructure, despite the contraction in the sector.
“Whilst there may be a temptation to reduce investment in security, this might be to the detriment of protecting the company’s core information assets,” Hindes says.
4. Continually assess and monitor risks
Security audits should be completed after any incident, and remediation activity carried out immediately, in addition to ongoing monitoring. Hindes also points out that C-level executives need to be across the potential impacts and threats of any breach, and make sure they are ready to hear the truth.
“Often breaches are filtered by the time they are reported to management,” Hindes says.
5. Manage incidents to bounce back strong
Effective measures that detect, remediate, recover and restore systems and data following an incident can minimise its impact. Creating a cyber-attack response protocol is essential. Managing incidents should become part of the organisational DNA.
6. Consider security at the design stage
Resource organisations should consider vulnerabilities in any existing systems and build security into next-generation networks and applications.