Intelligent CISO Issue 54 | Page 53

industry unlocked
What are the bigger implications on the organisation as a result of a successful attack ?
The ramifications for energy companies as a result of an attack are far-reaching . The first consideration of most energy companies is providing their commodity to customers . Whether that ’ s gas and oil or electricity , these commodities are vital to society . The number one concern of most organisations is making sure that that supply of energy reaches the customers that need it because of its importance in civilisation .
Other considerations are around how those businesses operate . Quite often , there are financial considerations , whether it ’ s an immediate financial impact through the loss of supply , the inability to bill for the energy that is supplied or the impact it makes on the reputation of the company , which has a knock-on to its value . These are very widespread consequences that come from these events and it can often be very difficult for an organisation to measure the impact .
What are the tools and technologies that organisations need to protect against these threats ?
For many energy companies , the best form of defence is a secure perimeter – having really good visibility and an understanding of how actors may try to get into their environment . Actors that target energy organisations are persistent and will use multiple techniques and tactics to get through those environments to ultimately achieve their aims , so it ’ s very important to have visibility of those networks to understand the assets you have , how they ’ re connected and how they can be exploited .
Once you have visibility of your network , you can then start to understand the vulnerabilities those assets may have and which ones are important to you . You can identify the assets that have the greatest consequence and put in place the right actions to manage risks within those spaces .
One of the increasing capabilities that most organisations need – particularly in the post-pandemic world – is remote access . It ’ s almost impossible for any business to operate without some sort of remote access , even for the most critical organisations .
Having secure tooling that ensures only specific people can access certain environments , and the actions that those people take in that space are appropriately actioned and monitored , is very important , along with Multi- Factor Authentication . www . intelligentciso . com
53