
Security alert

Vsevolod Ivanov, InfoWatch Deputy CEO, discusses security threats in the O&G industry


In an age dominated by digitalisation, a company’s reputation becomes fragile and is in need of constant protection from a myriad of both external and internal threats. It is no secret that the oil and gas industry is one that deals with a large volume of data – most of which is highly confidential.

In some ways, the very core of an oil and gas business rests within the data that has been accumulated over several years of hard work, client servicing and logistics management. Therefore, the amount of sensitive information held by these companies is very high, leading to data leaks at a rather alarming rate.

According to InfoWatch’s Global Data Leakage report, more than 650 cases of data leaks have been recorded in the first half of 2014, with an estimated 450mn records compromised, including financial and personal data across multiple sectors.

The report found that the first half of 2014 has witnessed 32% more leaks than in the same period in 2013. In the six-month period, there were a total of 14 major data leaks recorded, in which more than 430mn items of data were compromised, accounting for 95% of the total data leaks recorded.

Overall, in 71% of the cases, company employees were responsible for information leaks, and 1% of the time, the culprits were senior executives. A staggering 89% of the leaks were related to personal or payment data, three-fourths of which were linked to identity theft.

In the oil and gas industry, data leak incidents decreased by 1% in comparison with the same period in 2013. However, this does not reflect the reality, as the study only captures those incidents that have been publicly reported; many organisations within the industry prefer to keep these quiet in order to protect their reputation.

The main causes of data leaks in oil and gas organisations are theft of critical information by employees, targeted hacker attacks on the company’s infrastructure, and loss or theft of mobile devices or laptops containing confidential corporate data. As an example, in July 2013 US Petrochem Insulation, ASRC Energy Services San Francisco, California, suffered a major data leak which resulted in confidential employee information being made public.

On 18 July, an unencrypted corporate laptop was stolen from an employee’s car; the laptop contained personnel spreadsheets with employees’ names, social security numbers (SSNs), and employee identification numbers. A social security number is an identification code for US citizens that is used to confirm a loan, open a bank account, etc. SSNs are therefore often used by malefactors for financial fraud in the US, and their leakage often causes serious financial losses for victims.

In the last few years, oil and gas organisations in the Middle East have become even more aware of data threats and their consequences, whether by educating themselves through the local press or by engaging with data security experts.

Despite this, the adoption of data leakage prevention (DLP) solutions has not been as widespread as expected, as DLP is an emerging concept in the Gulf region. Still, existing awareness is a good first step towards addressing data threats and implementing the right solutions.

Oil and gas companies can best protect their information through a multi-layered concept for data protection. This includes organisational measures, access rights management and data classification; only then can the technical solution for data leakage prevention and internal threat protection work.

Hence, it is important for the oil and gas industry to set up Targeted Attack Detection software, as a targeted attack easily gets past any antivirus, and implementing only an anti-virus solution is no longer sufficient.

These companies possess specific types of confidential data, such as mining and upstream data, minefield maps, etc. This type of data is highly confidential and must be reliably protected. There are a number of DLP solutions from different vendors in the Middle East market, but very few are industry specific.

Only those DLP systems which have a content filtration database specific to the oil and gas industry can provide a high level of confidential data detection in outgoing data flows. Such customised DLP solutions can guarantee about 90% efficiency when deployed within the company.

A system equipped with an efficient DLP solution can prevent employees from sending out confidential data through all network data transfer channels, such as web and corporate mail; internet resources (blogs, forums, social networks, etc.); messengers (Skype, Gtalk and others); and local and network printers. It can also prevent files from being copied to external storage.

These solutions work by classifying and categorising the type of data stored on company servers and used and processed by employees, identifying information flow routes and storage locations, and applying rules set by the system administrators or information security officers.

With growing threats to data security, global analyst estimates indicate that companies in the Middle East are expected to invest over $550mn in data protection solutions.

This means that DLP has now become an integral part of building a safer environment for oil and gas companies’ data, and the level of control these solutions give system administrators means that organisations now have more control than ever over the flow of their sensitive data internally.

Staff Writer
