As a critical infrastructure, the oil and gas industry are subject to significant risks caused by Cyber Security threats and vulnerabilities. From military aggression, to a lack of Cyber Security awareness among employees, the oil and gas sector is a high-profile target for cyber attacks which aim to disrupt production, intercept sensitive data, and cripple national and global economies.
In the first six months of 2020, cyber attacks in the oil and gas industry increased while the percentage of attacks in other industries declined.
With the increasing sophistication and adaptiveness of cyber attacks threatening the oil and gas industry, Lundin Energy partnered with MetaCompliance to increase Cyber Security awareness among staff and create a risk aware culture in the workplace.
Implementing the MyCompliance platform enabled Lundin Energy to take a people centric approach to Cyber Security and compliance. The SaaS based solution offers a fully integrated suite of compliance capabilities including policy management, eLearning, simulated phishing, privacy, and incident management.
Protection Against Phishing
The significant increase in phishing attacks in recent years was a key concern for Lundin Energy. The organisation had experienced an increased volume of phishing scams targeting employees. Using MetaCompliance’s award-winning MetaPhish module, Lundin Energy has been able to educate employees on how to detect phishing threats and foster a culture of vigilance amongst staff.
By creating customised phishing templates, Lundin Energy has been able to imitate popular phishing emails to reflect current trends and realistic scenarios which allow the company to identify high-risk departments or users.
With no previous Cyber Security awareness training in place, the reporting analytics within MetaPhish also enabled management to establish a baseline for current user awareness, understand user behaviour, and determine the level of phishing susceptibility throughout the organisation.
“The ability to track the results from the phishing simulations has been particularly useful. This has allowed us to monitor user awareness and observe improvements as employees become increasingly aware of the risks of phishing.”
For those users susceptible to the simulated phishing emails, Lundin Energy was able to auto-enroll the individuals in Cyber Security eLearning to educate the users about how to avoid future phishing attempts.
Creating an Engaging eLearning Environment
MetaCompliance’s eLearning library offers targeted learning in various formats, including animation and live-action, to provide users with the knowledge and skills they need to respond to a constantly changing threat landscape.
Since working with MetaCompliance, Lundin Energy has created Cyber Security and Privacy eLearning courses that are specific to their organisation, and delivered in a bite-sized format to engage employees.
“We are now able to deliver Cyber Security awareness training in short, regular intervals which helps to foster a culture of continuous learning and provides employees with more flexibility. The eLearning is user friendly and has been well received. The short video content is digestible and provides context for employees about their role in keeping the organisation safe.”
Powerful Policy Management
Taking an automated approach to policy management helps to ensure that company policies are auditable, accessible, and always up to date. With MetaCompliance’s policy management module, Lundin Energy can now effectively manage key policies, demonstrate policy participation, and quantify staff understanding with accurate reporting for auditors and regulators.
As a result, administrative time and the manual processes involved in managing and maintaining policies have been reduced.
A Culture of Cyber Security
Lundin Energy has successfully increased awareness among employees and educated staff about their role in keeping the organisation safe from cyber threats.
In the future, Lundin Energy plans to continue engaging employees with Cyber Security awareness training throughout the year and tailor content to employees’ needs so that it remains relevant to their specific roles.
“We have recognised an increase in user awareness and more people reporting suspicious activity. Going forward we plan to continue embedding a culture of Cyber Security as a top priority across all areas of the organisation.”