In the digital age, technology is being leveraged by both organisations and adversaries alike; and not a week goes by where we don’t see an innovative array of cyber-attacks targeting critical assets. The wider implications of these attacks from loss of sensitive data, penalties and brand trust are well known. To respond to this new era of hyper-connectivity, virtual crime and hacking, Cyber Security must be prominent on every boardroom agenda.
The repercussions of a security breach on a business, including brand deterioration, erosion of customer confidence, loss of profit and loss of market value is real. A challenge made more complex through regulations and directives with strict punitive measures if exploitation does take place. In an attempt to protect their enterprise risk, often organisations overburden their customers with high security, reducing the quality of the digital retail experience and customer satisfaction.
In previous blogs, I have discussed a ‘digitally-enabled fleeting fuelling proposition’ that transforms the way Oil Majors interact with their customers; combining every aspect of the fleet process, including retail and payments into a single integrated solution. The blogs talk about how we are seeing shifts away from payment through a card to payment via a mobile device, such as a smartphone, watch or car. Balancing risk versus opportunity in a digital world is difficult – but Cyber Security can be a key enabler for Oil Majors to realise their objectives.
What if cyber security could be used as an enabler for innovative and scalable Fleet Fuelling propositions? What if security was involved in the solution development lifecycle from the start? How much faster to market and agile would we be?
‘The advent of digital
Delivering digital initiatives with the right balance of security capability inherent at the core is the answer for any Fleet Fuelling transformation. Promoting easy authentication without compromising the customer’s perception of security and protecting the enterprise risk should always be the ultimate objective. This is a major driver for differentiated service, accelerated growth, and market share.
We can achieve this through our Cyber Blueprint which has been created through over 40 years of delivering secure services. The blueprint brings together the critical enablers of ‘Assess the risk’, ‘Protect the business’ and ‘Operate with confidence’. Critically, the Blueprint enables clients across all industries to manage their security risk.
'We protect against 43
As we look across our engagements in different industry and government sectors, there are a number of crosscutting themes that are evident. From those, we are focusing on leveraging capabilities in three particular areas.
The first, as mentioned, is the preparation and response to the General Data Protection Regulation (GDPR) which comes into full force in May 2018. GDPR’s impact on organisations that hold and process personal information is going to be profound and we are helping organisations navigate the complex steps that they need to take in a relatively short space of time.
The second area of focus is to ‘secure the cloud’. Many organisations, from central government to financial institutions are now reaching a tipping point and embracing cloud in its various forms. As the cloud platform providers are keen to point out, many of the security and data protection responsibilities still lie with the end user, from control of access to data classification, to intrusion monitoring.
Lastly, we are promoting our Advanced Threat Investigation (ATI) services which go beyond conventional SIEM-based monitoring to use Big Data, machine learning and threat intelligence to provide a ‘hunting’ capability to find sophisticated intruders that are not found using conventional monitoring techniques. Continually assessing and mitigating the threat is a critical activity for CGI. For Oil Majors, it provides the peace of mind to focus on the front line to drive growth and loyalty through innovative and scalable digital transformation.
To find our more on how CGI is transforming the Cyber Security landscape please visit www.cgi-group.co.uk/cyber
About this author
Vice President – UK Oil, Gas & Consumer Services
Matthew Grisoni is a senior management executive with over 35 years comprehensive IT business experience of full-service IT business solutions. He has experience of running multiple business lines within CGI, including the integration of CGI’s and Logica’s UK Financial Services business, following CGI’s acquisition of ...
Hi Matthew, thank you for an interesting read.
As someone with a keen interest in Cyber security I have often found companies get the wrong balance between security and usability of a system. This often comes off the back of bolting security on at the last minute instead of making it part of the development lifecycle from the start.
Would you say that, no matter the size of the project, cyber security should be a consideration from the start in today’s world? If so what way do you envisage this happening? Something like a new position on all teams, say a Security Consultant, to work alongside the Team Lead/ Project Manager or should it be done by an external party such as a dedicated security team a step removed from the project itself?
Yes, absolutely agree that cyber security needs to be baked in, not bolted on. We aspire to make security part of every project we undertake and every service we provide. Not every customer wants to consider security at the outset, partly because security is still often seen as an expense that can be avoided. The reality is, as we all know, that security is an essential part of any digital service and that underspending on security will cost you in the long run. I would wholeheartedly recommend creating a security role in every team, for every project, simply to get the security thinking done early. Whether that role is internal or external depends entirely on the level of expertise that exists within your organisation – don’t be afraid to get help if you need it. Good cyber security can be a great enabler, rather than an obligation, if you get it right from the outset.