Cyber Security Strategy for the Oil & Gas Industry

The energy sector was shown to be the second most prone industry to cyber attacks in 2016 (Ponemon Institute), yet the industry’s cyber maturity remains stubbornly low. Learn how the Quorum Cyber team helped one company stand out from this trend, and implement a robust cyber security strategy to safeguard them well into the future.

The Client

Quorum Cyber partnered with our customer, an oil and gas company with offices worldwide, to design, build and deliver the first cyber security strategy for the organisation. By providing both the executive representation of cyber security to the senior management team, as well as operational BAU capabilities, Quorum Cyber was able to accelerate their IT transformation and adoption of cyber security best practices effectively and efficiently.

The Challenge

The customer has traditionally handled security as part of the tasks within the IT team. As the world changed and security became a bigger issue, the customer struggled to keep pace with the evolving landscape of threats. Ultimately this resulted in a risk exposure that was not understood, and that was only going to get worse unless immediate action was taken.

The objective for the customer was to improve their cyber security posture effectively and efficiently; however budget and internal governance constraints meant that it would take them too long to do that by themselves and would be prohibitively costly (as recruitment and retention of cyber security talent is a growing pain for most organisations).

The Solution: Security Director as a Service

Quorum Cyber’s Security Director as a Service is a perfect fit solution, where we provide an industry recognised expert to act on behalf of the customer as their security advisor to shape and deliver a maturity journey. This enables the customer to have access to a talent pool that would otherwise be too expensive to find and retain. Furthermore, the Security Director also has access to the rest of the Quorum Cyber family, that can help augment the delivery of security projects and BAU capabilities – such as a Security Operations Centre

The Results

The security director quickly established a cyber security strategy and improvement plan; built the business case for each initiative and drove them to successful completion. The security director provided executive-level visibility of the progress of the strategy, as well as operational level support to ensure the strategy was delivered as planned.

Within 12 months, we were able to improve the security posture of our customer by 200% as measured against accepted industry standards including the NCSC’s 10 Steps to Cyber Security and the NIS directive. Critical capabilities were deployed, including mature risk management frameworks, network security controls, increased user education, security incident detection and response, and modern malware protection capabilities.

By establishing a managed service capability to deliver these improvements, as opposed to having to do it through staff recruitment and retention, we were able to save the organisation approximately £350K of operational costs.

The customer continues to retain our services as Security Director and the relationship continues to grow, Quorum Cyber is now engaged in providing a series of managed services, including our Managed Defence and Managed Attack Subscriptions.

For further information on the support our Security Operations Centre and Professional Services teams can provide you and your organisation, contact the Quorum Cyber team today.