Security Strategies: Oil Companies Lag Behind

Friday, July 29, 2011 @ 03:07 PM gHale

As difficult as it may seem to believe, only half of oil and gas companies have put a strategy in place to address information security threats.

In addition, oil and gas companies still lag behind other industries in formulating approving, and executing information security policies, as well as getting buy-in from senior management, according to and IDC Energy Insights survey of oil and gas IT executives.

Security 101: Avoiding Social Engineering, Phishing Attacks
Web Sites to Find if You’re a Target
Paranoia Means Better Security
Protecting Against Zero Day Attacks

“In oil and gas companies, awareness of appropriate security policies and best practices is still not good enough,” said Roberta Bigliani, head of Europe, Middle East, and Africa IDC Energy Insights. “They need to be better prepared to prevent and manage security breaches. This is not the time to reduce the budget for IT security and compliance.”

Of the top three information security threats perceived by oil and gas companies, the greatest is state or industrial espionage, followed by employee error or accidental loss of sensitive information, and vulnerabilities owing to insecure code, the survey found.

In addition, 55% of survey respondents expect an increase in their information security budget over the next 12 months. Ten percent of respondents said they are using regulatory compliance as a requirement to justify budgets. In fact, almost 25% of respondents said the regulatory environment was a barrier to ensuring information security.

More than 31% of U.S. respondents said information security was a top IT initiative at their company in 2011, but only 12% of the respondents indicated they are making investments to improve information security and mitigate risk.

“Software spending is increasing for client security solutions such as antivirus and antimalware,” said Usman Sindhu, senior research analyst at IDC Energy Insights. “Investment in security appliance solutions such as firewalls and intrusion prevention remains low this year, as just 10% of the survey respondents indicate investing in them.”

Leave a Reply

You must be logged in to post a comment.