How developed is cyber security culture in your organisation: Oil and Gas industry viewpoint – Part 2

According to the 2013 forecast of Trend Micro about the Security Threats for Business, the Digital Lifestyle and the Cloud:

– Cybercriminals will heavily abuse legitimate cloud services;

– Security threats will appear in unexpected places as digital technology plays a larger role in our lives;

– Politically motivated electronic-based attacks will become more destructive and sophisticated;

– Africa will become a new safe harbor for cybercriminals.

2013 Security threats forecast

Another forecasted trend concerns the enforcement of cybercrime laws. Trend Micro predicts that it will take two or more years, i.e. until at least 2015, before most industrialized countries reach full implementation and enforcement of cybercrime laws. Meanwhile, businesses have no choice but to be more proactive in preventing attacks, especially Advanced Persistent Threat (APT) campaigns. Thus, threat intelligence will become an important part of standard defenses for businesses, and for oil and gas companies in particular.

The recent Ernst & Young report on cyber security threats addresses the use of a Security Analytics Framework that allows security professionals to make fact-based security decisions using an innovative approach. Although oil and gas companies have spent millions on security, the sector remains extremely vulnerable to the very real threat of targeted espionage. These cyber attacks, or cyber-interference, are well-planned interventions led by highly trained teams of hackers, sometimes backed by foreign governments. They can remain active for multiple years and their goals vary, from stealing valuable data to gaining access to process control networks. However, the main purpose is to disrupt operations.

Problem: So, what impedes cyber security development? As Ernst & Young suggests, IT professionals face a couple of issues today, and all of them are created by the overwhelming flow of data.

1. Companies today run a number of different security technologies simultaneously and, thus, produce an enormous amount of data every day: system logs, archives, alerts, notifications, user transaction and access data. Digesting and analysing this information flow requires a consistent method that IT professionals do not have today.

2. The flow of data comes not only from internal systems but from external ones as well, such as blog sites, subscription services, chatter on hacker forums, etc.

3. Although many organisations have invested heavily in SIEM (Security Information and Event Management) tools that help manage vast amounts of data, it is still difficult to make sense of the vast amount of security information flowing in every hour of every day.

4. Data flow is not the only problem, but a source of additional problems.

All this internal and external data should be processed and analysed to pinpoint potential threats and the steps to be taken. However, the accumulated data typically creates an overwhelming amount of information, but not necessarily knowledge. Consequently, IT professionals cannot analyse it properly in order to identify the real risks. As a result, in most cases this data is used only after a cyber interference/attack, not to prevent one. So, at the end of the day and despite all the investment made, it is the technical experience and gut instincts of your IT staff that lead the solution of these problems.

Solution: Security Analytics Framework by E&Y

The framework consists of 3 components:

1. External threat analysis

2. Inside risk analysis

3. Third-party risk evaluation

External threat analysis helps to understand the relevant external threats, while inside risk analysis shows how the company’s internal assets (people and systems) behave within the environment. To understand how your external assets impact your security, the third-party risk evaluation is used. By third parties we mean customers, vendors, contractors, suppliers and partners.

E&Y Security Analytics Framework

The main role is played by the inside risk analysis evaluator, since it has the most real-time and accurate data, generated by the company’s internal assets. The other two components are linked to various company assets based on their ability to impact internal assets.

The Framework performs its analytics using three different tools:

1. Asset mapping – maps all key alerts and security information back to an actual inside asset using a correlation engine;

2. Behaviour-based analysis – identifies ‘abnormal’ behaviour after first defining ‘normal’ behaviour;

3. Peer analysis – reduces the number of false positives through peer-level comparison.

For more details, follow the E&Y Report.
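As an added illustration (not code from the E&Y report or from the original post), the following Python sketch chains the three tools over a constructed alert stream: the asset names, peer groups, identifiers and alert counts are all made up, and day labels are chosen so that they sort chronologically.

```python
from collections import defaultdict
from statistics import mean, pstdev, median
# Asset mapping table (constructed): ties raw identifiers seen in alerts
# (IP address, hostname or user account) back to one inside asset.
ASSET_MAP = {
    "10.0.5.21": "hist-server-01", "HIST01": "hist-server-01", "jdoe": "hist-server-01",
    "10.0.5.22": "hist-server-02", "HIST02": "hist-server-02", "10.0.5.23": "hist-server-03",
    "WS-A": "ws-operator-a", "WS-B": "ws-operator-b", "WS-C": "ws-operator-c"}
# Peer groups (constructed): assets with the same role should behave alike.
PEER_GROUP = {a: "historians" if a.startswith("hist") else "workstations"
              for a in set(ASSET_MAP.values())}
# Constructed alert stream of (day, identifier): three days of baseline noise, then a
# day with one asset-specific spike (jdoe on hist-server-01) and one group-wide spike.
BASE = ["10.0.5.21", "HIST01", "10.0.5.22", "HIST02", "10.0.5.23", "10.0.5.23", "WS-A", "WS-B", "WS-C"]
ALERTS = ([(d, i) for d in ("d1", "d2", "d3") for i in BASE]
          + [("d2", i) for i in ("HIST01", "10.0.5.22", "10.0.5.23", "WS-A", "WS-B", "WS-C")]
          + [("d4", "jdoe")] * 9 + [("d4", "HIST02")] * 2 + [("d4", "10.0.5.23")] * 2
          + [("d4", w) for w in ("WS-A", "WS-B", "WS-C") for _ in range(6)]
          + [("d4", "10.9.9.9")])  # identifier with no asset mapping

def map_alerts_to_assets(alerts):
    """Asset mapping: alert counts per asset per day, not per raw identifier."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, ident in alerts:
        counts[ASSET_MAP.get(ident, "unmapped:" + ident)][day] += 1
    return counts

def behaviour_anomalies(counts, k=2.0):
    """Behaviour-based analysis: 'normal' is the asset's own past days; the last day is 'abnormal' above mean + k*stdev."""
    flagged = {}
    for asset, per_day in counts.items():
        days = sorted(per_day)
        if len(days) < 3:
            continue  # too little history to define 'normal'
        history = [per_day[d] for d in days[:-1]]
        if per_day[days[-1]] > mean(history) + k * pstdev(history):
            flagged[asset] = per_day[days[-1]]
    return flagged

def peer_filter(flagged, counts, factor=2.0):
    """Peer analysis: keep a flag only if the asset also stands out against its peers' same-day counts."""
    kept = {}
    for asset, today in flagged.items():
        peers = [p for p in counts if p != asset and PEER_GROUP.get(p) == PEER_GROUP.get(asset)]
        peer_today = [counts[p][max(counts[p])] for p in peers]
        if not peer_today or today > factor * median(peer_today):
            kept[asset] = today  # a spike shared by the whole peer group is dropped as a false positive
    return kept

def run(alerts=ALERTS):
    counts = map_alerts_to_assets(alerts)
    return peer_filter(behaviour_anomalies(counts), counts)
```

Behaviour analysis alone flags all three workstations as well, because each exceeds its own baseline; the peer comparison removes them since the whole group moved together, leaving only the historian with the asset-specific spike.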

Cyber theft is becoming more sophisticated; unfortunately, not all companies realize this and accept the fact that, more and more frequently, the threat comes from inside their internal networks. Therefore, it is usually external parties such as the FBI or the Department of Homeland Security that identify the problem rather than internal security staff. Several of the largest energy and chemical firms have experienced problems caused by hackers gaining access to their internal networks.

The issue of cyber security is being addressed more and more by the global society, but now we need to address not only the theft of data but also control intervention that changes data behaviour.

Relevant Posts:

How developed is cyber security culture in your organisation: Oil and Gas Industry viewpoint – Part 1