Today, the whole world is moving in a fast-paced global economy that relies heavily on data and information transmitted through cyberspace. This entails many benefits and at the same time many risks. Thus, cooperation between companies and organizations is essential. In the past, organizations often invested in safety of their digital environments, without considering how their partners responded to the challenge. Today, however, with increasing technological progress, this type of approach is no longer sustainable and the cooperation of companies for cybersecurity is essential.
In fact, building a cyber defense outside an organization is just as important as securing its internal infrastructure. This is exactly why cooperation is one of its strategic goals Saudi Aramco for cybersecurity, through which the company seeks to create a culture of cooperation in the business ecosystem, including both national and international partners.
As one of the largest companies in the world, Aramco seeks to build long-term and strong alliances with leading national and international cybersecurity institutions, government agencies and organizations operating critical national infrastructure (CNI).
It is an approach that adapts to the conditions and needs of the 21st century, in which business partnerships with third parties are often unavoidable, especially for organizations operating in different business fields and managing a different portfolio of services.
Involvement of contractors or outsourced companies could jeopardize the data, raising questions about governance and security. An individual third-party operator could be exposed to multiple data breach opportunities in their dealings with their affiliates.
In recent years, companies around the world have experienced multiple cyber incidents in which hackers exploited vulnerabilities to penetrate the intended objectives. The consequences of such a penetration vary: from infringement and theft of sensitive and confidential information, up to operational disruptions, financial losses, but also legal liability of the organization that receives malicious intrusion, which negatively affects its reputation. Only through cooperation can trust and solvency be ensured throughout the supply chain.
Given its scale and vital contribution to the global economy, Aramco remains a target for cybercriminals who are constantly trying to disrupt the business and operations of the company for their own benefit. Thus, the company develops the best cybersecurity solutions, while adopting the highest standards of data governance and cybersecurity. It is also important that it raises awareness and educates its employees about such threats.
The cyber security of any organism in a chain is as strong as its weakest link. A determined attacker will identify the organization in a supply chain with the weakest cybersecurity capabilities and take advantage of vulnerabilities in its systems to obtain access to other organizations. Although this is not always the case, smaller organizations in a supply chain are often targeted, as the fact that they have more limited resources is perceived by cybercriminals as a weakness on the part of cybersecurity.
For this very reason, Aramco has developed one Cybersecurity Supply Chain Program to effectively combat cyber threats from third parties. Having received it CSO50 Award recognizing security projects or initiatives that demonstrate exceptional business value and leadership thinking, the program identifies the functions and possibilities required by third party companies to mitigate these risks.
The goal is to ensure that cybersecurity always remains a priority for the company's partners. In addition, the program aims to protect the data and assets of Aramco entrusted to third parties and reduce the chances of possible disruption, by strengthening its cyber stance and defense.
Its focus on cooperation has also led Aramco to become a founding partner of the newly established Center for the World Economic Forum on Cyber Security (WEF C4C), One platform that will shape the global response to cyber threats. It will do this through policy recommendations, information exchange, new frameworks and recognition of industry best practices.
According to Infosecurity, Aramco has worked closely with partners this year to launch a cyber resilience program. This initiative includes the creation of cyber resilience principles and guidance for company executives who can influence organizational and behavioral change in the oil and gas (O&G) sector. It also focuses on cyber risk in terms of business technology / industrial control systems environment and supply chain.
The program also aims to develop a reliable network throughout the O&G ecosystem, through new recommendations for system builders, operators and third parties. The program also seeks to increase the visibility of cybersecurity measures across the sector, by establishing independent and reliable procedures and benchmarking mechanisms.
The WEF C4C also helps operators in all industries to overcome the challenges in the cybersecurity industry, against the background of rapid digitization. A partnership between Saudi Aramco and the WEF C4C addresses cybersecurity response during its pandemic COVID-19, stressing the importance of business continuity.
Finally, Aramco stressed that it seeks to achieve seamless cybersecurity resilience worldwide while enhancing the capacity and excellence of talent. This requires ongoing collaboration between IT, legal, procurement teams and staff organizations and networks.