As the oil and gas sector depends on contractors as part of the supply chain, a rising wave of global cyberattacks raises the question – how seriously do suppliers take cybersecurity?
With the energy sector becoming increasingly dependent on digitisation, through the explosion of Artificial Intelligence and the Internet of Things, so too does it become more vulnerable to cybercrime.
Damage caused by cyberattacks is vast, making the need for robust defences to beat the growing menace of hacks essential.
While your own business may have cybersecurity training and strategies in place, it’s just as important that those tendering to work with you can evidence their own level of cyber health, says Austen Clark, managing director of Clark Integrated Technologies in Aberdeenshire.
He said: “Energy companies face significant cybersecurity threats, and hackers are always looking out for the weakest chinks in an organisation’s defence wall. That might be through a third party you do business with. So you may have strong policies and procedures to protect your own organisation, but what about your suppliers? Can they evidence their cyber security?
“Computer hackers break into systems to steal, change or destroy information. They are smart and their tactics are changing. They will look for vulnerabilities, and wherever they find them they will exploit them.”
The Scottish Government is at the forefront of efforts to raise the bar on supply chain cyber security.
Mr Clark advises businesses seeking to gain work through the procurement tending process to demonstrate their commitment to cyber resilience by seeking a recognised accreditation.
Mr Clark said: “As part of the tightening of supply chain cyber security, contractors that fail to meet minimum requirements may be ruled out of the bidding process.
“Being out of the procurement process means lost opportunities, and a loss in revenue streams which could have far-reaching implications for SMEs of all kinds, from building trades to hotels, taxi operators to cleaning contractors.
“The ability to evidence a defined knowledge, understanding and commitment to cyber security is not only applicable in the public sector, but is increasingly embedded in in the wider business landscape.
“This is not without reason. Setting standards on digital security is an effective way to minimise the impact of the rising tide of hack attacks. It’s essential to business resilience and more commercial operators are seeking similar safeguards from their suppliers.
“In a climate of increasing cyber threats, supply chains can be an easy route to attack larger organisations. At its core, these measures are being put in place to raise awareness and enhance cyber resilience. It’s critical for SMEs to evidence that they have high regard for cyber and trade securely, regardless of size or sector.”
Cyberattacks cost the UK economy £8.8 billion, and are a growing concern for small businesses everywhere, with nearly a quarter of those recently surveyed saying they had been affected by an attack in the past year. Almost a quarter said they couldn’t survive for more than a month if unable to trade following an incident.
The Scottish Government has a scheme in place for SMEs and sole traders to access up to £1,000 to help improve their digital security by obtaining Cyber Essentials certification, which can help protect against many internet-borne attacks.
Mr Clark added: “It’s a must for any firm wishing to tender for business. This certificate is critical, even if digital services are not core to your business operation.
“Anyone can play lip service to cybersecurity, but what counts is endorsed accreditation. With the government-funded voucher scheme, it’s a chance to tap into a funding stream and gain a certificate which will help future-proof your business.
“Applications for this scheme remain open until March, or until the funding pot dries up, so I’d strongly advise businesses to take advantage right away.”
The Scottish Enterprise Voucher Scheme is available on a first come, first served basis and applications close in March 2020.