Offshore Europe keynote: Humans are weak link in cybersecurity

By Linda Hsieh, Managing Editor

Cybersecurity took center stage at the 2015 Offshore Europe keynote session on 9 September in Aberdeen, UK. Tarquin Folliss, Director International for the Falanx Group, urged the industry not to think of cyber as merely a technical or IT issue. “I would say it isn’t. I would say it’s about people and how we as individuals interact with technology – that’s the issue,” he said.

Human errors produce significant vulnerabilities for companies in the cyber domain, whether by failing to follow the proper security procedures or through a bad decision to respond to a phishing email. “Press this button and you might get an iPad. You’ve just downloaded malware into your company,” Mr Folliss cited as a common example. “If you want to know what is the biggest threat to cyberspace, it’s us. It’s the human factor.”

If companies think they can just build taller or better firewalls, Mr Folliss said, he doesn’t believe that strategy will work. It takes exponentially more money for a company to defeat a piece of malware that may have cost just $500 to develop, he noted. “It shows that if we’re looking at a straight arms race with the cyber criminals, we’re not really going to win because the cost differentials are just so exorbitant.”

Industry may need to think differently about cyber challenges, and the first step of defense is recognizing our own vulnerability. Mr Folliss noted the growing list of high-profile attacks in recent years, such as Sony, JP Morgan, eBay, Target and even Ashley Madison. “But we tend to view those attacks with a certain detachment, rather like a scandal that’s hit a celebrity. It’s fascinating, but does it really affect us?” But of course it does, Mr Folliss indicated. He referenced publicly reported cyber attacks on Pemex and Saudi Aramco as examples proving that the oil and gas industry is in no way immune.

Industry also must give more consideration to the concept of Big Data. A study from 2011 found that the world created 1.8 zettabytes of new data that year. “That’s 1.8 trillion gigabytes,” Mr Folliss explained. “To visualize that, that’s enough data to fill over 57 billion 32-gigabyte iPads, and that’s enough iPads if you put them stacked on top of each other to build a wall as long as the Great Wall of China, twice as high. That’s a massive amount of data, and that was only one year.”

In 2012, the amount of data created leapt to 2.8 zettabytes, and it’s expected that the world’s information doubles every 18 months, he said. “A significant chunk of that data is about us, which begs the questions: Who owns that data? Where is it stored? How secure is it? How is it exploited and by whom?”

New thinking is needed to create new solutions, and that will likely require input from the younger generation. “Because we’re living through this revolution, and as anyone who has lived through a revolution, we can’t really hope to understand the full impact that it’s going to have on us and on the society,” Mr Folliss said. “I think that’s particularly tough as we get older. For example, my kids probably find cyber a lot easier to deal with and all the consequences of it because they’ve grown up with it. They haven’t got a reference point beforehand to compare it.”

He continued: “Unfortunately I think most of my generation runs governance, certainly corporations, and we’re using the norms that we’ve grown up with to try and tackle that problem, and I don’t think it’s working.”