Global State of Information Security Survey: Oil and gas

The fastest-growing sources of security incidents in the oil and gas sector

Organizations detect fewer incidents

The number of information security incidents detected by oil and gas companies declined in 2014. Foreign nation-states, which often target intellectual property, are the fastest-growing sources of security incidents. But it's important to note that most respondents say current employees are the most cited culprits of incidents.

Managing an elevated threat environment

Many organizations are adopting field technologies such as connected sensor-based devices that have expanded the cyber-attack surface. Management of these technologies, which are generally not as secure as IT systems, will require that companies develop a security strategy that covers the convergence of IT, operational, and consumer technologies (also known as the Internet of Things). Businesses also will need to implement the right technologies and processes to combat progressively aggressive malware, and assess the security capabilities of third parties and M&A targets.

Insider threat safeguards are lacking

As threats from employees and business partners continue to rise, limiting and controlling access to key data assets has become increasingly pivotal to effective information security and privacy. Yet a surprising number of companies have not implemented fundamental tools like identity management and network access control. Also lacking are employee security and awareness programs and other basic personnel precautions.

Improvements in key strategic safeguards

Oil and gas companies are taking steps to improve certain strategic approaches, including implementation of risk-based security strategies, the hiring of Chief Information Security Officers (CISOs), and a top-down commitment to cybersecurity. Businesses also report that they are more likely to collaborate with external partners to improve threat awareness and security practices, and are purchasing cyber-insurance policies to help mitigate financial losses that result from security incidents.