Risk Management Key to Cyber Security Strategy

According to the chief executive of BP, cyber attacks constitute a group-level risk that is managed as part of BP's standard set of risk management processes.

Chief executive Bob Dudley told the Global Cyber Security Innovation Summit in London: "We recognise cyber threats as a major risk and the need to have a system to manage that risk and minimise the impact of attacks.

"Uncertainty is a fact of life, but we can be organised in our approach to managing risks by having a clear set of risk management processes in place."

Risk management forms part of the governance component of BP's cyber defence strategy. One key process is aimed at identifying and prioritising each threat based on risk assessment.

Dudley believes that BP has a multitude of risks to manage, and is constantly looking to innovations in cyber security to improve its defence capabilities.

He said: "It is important to have a policy that sets out executive accountability and responsibilities of each member of staff, but rules are not effective without real defence capability.

"Thousands of pieces of malware try to get through our firewalls every day, and our employees are constantly targeted to steal their user credentials."

BP conducts regular awareness campaigns around issues such as keeping passwords safe and using unknown USB sticks, to educate staff and enable them to become frontline defenders.

Phishing is also a significant threat, and BP conducts regular simulated phishing attempts with follow-up education sessions to make sure its employees know not to click on risky links in emails.

Dudley added: "We see phone phishing as an equal threat, and in the face of thousands of fake emails and calls, employees need to learn to recognise them."
