From: Energy Voice
Written by James Parry
***
However, only just over half (62 percent) were actively monitoring and analysing security intelligence. What is the quality of that threat intelligence? If we look at a piece of research from Ernst and Young conducted in 2015, we find that 61 percent of O&G organisations believe it’s unlikely or highly unlikely that they would be able to detect a sophisticated attack. Nearly a third 29 percent had no real-time insight on cyber threats. Only 13 percent believe that their information security function is fully meeting needs.
This research suggests that while some O&G organisations are carrying out intelligence gathering very few have access to real-time feeds or any real faith in this monitoring to be able to detect an imminent attack. Why? Because this is a passive rather than a proactive form of threat intelligence. The emphasis is still very much on defence rather than threat hunting. For example, is the producer monitoring unconventional networks for evidence of organised criminal attacks? Is it monitoring social media, forums and the dark web not only for company references but also company passwords? Is it cross referencing data being trawled with geopolitical influences or competitor activity?
Leave a Reply