Device Hardening and Continuous Compliance MonitoringCONTINUOUS COMPLIANCE

A new study has found that the US oil and gas industry and falling behind when it comes to cyber security preparedness, with nearly two-thirds (68%) of organizations having suffered a major security breach in the last year.

Siemens commissioned the Ponemon Institute to survey 370 cyber risk professionals within the oil and gas industry. Some 61% of respondents said their industrial control systems are not sufficiently protected, and nearly two-thirds (65%) claimed that the biggest threat to their organization is negligent or careless insiders.

Even more shocking, only 48% of respondents claim to have plans to use encryption for data in transit over the next 12 months. In addition, only 39% plan to deploy hardened endpoints and only 20% plan to adopt user behavior analytics. This is all scary stuff considering the vast majority of these respondents feel these measures would be very effective in security their IT environment.

Only 41% of respondents claim to have continuous monitoring in place, even though the NERC CIP compliance standard puts a great deal of emphasis on security event monitoring, including breach detection, suspicious activity reporting, and file integrity monitoring.

Change Control for the Energy Sector

However strong the perimeter security, in the vast majority of organizations there are far too many opportunities for hackers or malware attacks to slide in undetected.

Forensic-level monitoring of system changes provides a means whereby subtle breach activity can be exposed, but the amount of noise created on a daily basis by critical upgrades, system patches and required, updates once visible is overwhelming.

When it comes to breach detection, it becomes virtually impossible to distinguish between the expected file and registry changes prompted by these changes and nefarious activity. However, with File Integrity Monitoring, an automatic intelligent change control system, it is possible to cut down the noise, distinguish the unexpected from the planned and, finally, close the change control loop.

 

Products
USA Offices
New Net Technologies Ltd
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
emailUSinfo@nntws.com
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
emailinfo@newnettechnologies.com
NNT Newsletter
Sign up to receive our monthly newsletter covering breaking security news, how-to-tips, trends and commentary directly to your inbox.


We strongly advise NNT Customers and Partners to sign up for our Product Updates Mailing List to receive information on software updates and new product features.

Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Copyright 2017, New Net Technologies Ltd. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies Ltd.
All other product, company names and trademarks are the property of their respective owners.