Leading the way in cybersecurity
Aramco earns prestigious international award from international data group.
Aramco’s Third-Party Cybersecurity Program, which has the goal of guarding the company from cyber threats stemming from third parties, received the prestigious CSO50 2020 award from the technology media company International Data Group.
The award ceremony was held virtually due to ongoing COVID-19 pandemic restrictions.
ISD’s program introduced governance and protection mechanisms across Aramco’s supply chain to protect against increased cyber risks. It had a key role in not only securing the company, but also increasing cybersecurity awareness and capabilities of Aramco’s third parties.
CSO50 is a prestigious global award presented to the top 50 distinguished projects that have resulted in the highest positive impact to an organization’s cybersecurity posture, community, and ecosystem.
“In ISD, our motto is, ‘Information security is everyone’s responsibility,’ which highlights the role every employee plays when it comes to protecting the company’s data and assets,” said Aramco’s chief information security officer, Khalid S. Al Harbi. He noted that cyberattacks are growing in sophistication, but attackers use social engineering techniques in exploiting human instinct to lure unsuspecting users into exposing data, spreading malware, and giving access to restricted systems.
Managing cybersecurity behavior
“Advanced technology and security practices, no matter how sophisticated, will always be constrained by the human factor. Therefore, we are committed to continuing our efforts in promoting a resilient cybersecurity culture in Aramco through our Cybersecurity Behavior Management Program,” Al Harbi added.
The program is undergoing a shift to create a vigilant culture, transforming it into a collaborative behavior-centric program.
Al Harbi said ISD continues to scale its efforts through collaboration with government agencies and critical national infrastructure to promote positive cybersecurity behaviors nationwide, including research with the World Economic Forum (WEF). As a founding member of the WEF’s Center for Cybersecurity, Aramco and the center, known as C4C, are leading a cyber resilience program specifically focused on the oil and gas industry.
Together, they are leading development of guidelines to help change cybersecurity behavior industrywide by creating a network to embed strong practices across the oil and gas ecosystem.
In turn, the company has been driven to ensure the evolution of its own cybersecurity capabilities as well as those in the industry. The development of the Third Cybersecurity Program emerged in response to meet this need.
Dheba S. Al Rashid, the lead for the Information Security Programs Development Group, said the key to the program is strong collaboration with our partners in addressing cybersecurity challenges.
“The program strives to proactively combat cyber risks originating from third parties by embedding cybersecurity at every stage of the third-party engagement life cycle,” she added.
ISD has also established the first digital certification for the company’s third parties, called the Cybersecurity Compliance Certificate, which strives to elevate cybersecurity capabilities across Aramco’s supply chain to ensure that best practice standards are upheld.
ISD has also hosted a number of collaborative sessions Kingdomwide to unify national efforts in tackling supply chain risks and raise security standards.