How To Use Threat Intelligence Data To Manage Security In The Age Of COVID-19
COVID-19 has already had a huge impact on the global economy. According to Statista, GDP growth globally will drop from around 3% to 2.4% - equivalent to a drop of around $35 trillion worldwide. In sectors like oil and gas, the impact is particularly acute: IHS Markit predicted that the reduction in oil consumption due to COVID-19 has led to a first-half surplus of 1.8 billion barrels of crude oil. The macroeconomic trends around these worldwide sectors point to harsher economic conditions and recession.
For companies in the oil and gas sector running complex operations around the world, this will lead directly to tougher trading environments and a lot of necessary belt-tightening when it comes to costs around operations. Indirectly, the potential recession could cause more civil unrest and security threats for them as well. To cope with these potential challenges, companies will have to look at how they can maintain security for their operations and prevent risks as much as possible.
Taking a contextual approach to physical security
With these two goals in mind, looking at threat intelligence data should be considered. Threat intelligence refers to a set of data that can be used to judge current and future trends around risks, from everyday crime or political changes through to larger events like civil unrest, terrorism or the current pandemic. Based on data around these issues, companies can make better decisions on how they invest and manage their security posture in advance. Behind this overall approach, however, there are a significant number of moving parts that have to be considered. This includes where the data comes from, how it is used, and who is using the data.
Companies can make better decisions on how they invest and manage their security posture
The first consideration for threat intelligence is where data comes from. Typically, companies with large oilfields or refinery operations will have large investments in physical security to protect these environments, and part of this spend will include intelligence on local market, political and security conditions. Using this forecast data, your security leadership team can ensure that they have the right resources available in advance of any particular problem. This data can come from multiple sources, from social media data and crowdsourced information through to government, police and private company feeds.
This mass of information can then be used to inform your planning and decision making around security, and how best to respond. However, one issue for oil and gas companies with distributed operations is how much data they have to manage over time. With so many potential sources of information all feeding back in real time, it’s hard to make sense of what comes in.
Similarly, companies with international teams may have different sets and sources of data available to different parts of their organizations - while each team has its own view of what is going on, they may be missing out on contextual data from other sources held by neighbouring teams or by the central security department. Without a complete picture, it is easy to miss out on important information.
Making threat intelligence smarter
To solve this problem - and to reduce the costs around managing threat intelligence data - centralizing your approach can make it easier to provide that context to all your teams and stakeholders. Rather than letting each team set up and run their own threat intelligence approach, centralizing the data and letting each team use this can reduce costs. More importantly, it can improve the quality of your threat intelligence approach overall.
By applying a combination of algorithms and security analysts to evaluate threat intelligence centrally, you can improve the quality of the data that you have coming into the organization in the first place. This approach provides higher quality data for decision making.
However, a centralized approach is not enough on its own. Local knowledge and analysis is always useful. Consequently, alongside any centralization approach you have to have better filtering and search capabilities, otherwise you risk teams not being able to get the information that is particularly relevant and timely to them. This approach of bringing together centralized management of data feeds with more powerful tools for local teams to find what they want and get that access in real time represents the best of both worlds.
Scenarios vary from a best case return to pre-crisis revenues of $50 to $60 per barrel by 2021 or 2022
According to consultancy firm McKinsey, the oil and gas sector faces an enormous challenge over the next few years. Scenarios vary from a best case return to pre-crisis revenues of $50 to $60 per barrel by 2021 or 2022, through to a worst case scenario where demand never returns and the industry has to undertake managed decline around some assets and look for new market opportunities in others. Whatever scenario plays out in the real world, security for existing assets will be a continued requirement.
Planning ahead using threat intelligence data will be essential whatever happens. To help reduce costs and improve data quality, centralizing this approach will help. Without this mix of global oversight and local detail, companies will find their operations hampered and wrong decisions are made. It’s only by applying threat intelligence data in the right context that security teams will be able to keep up with the challenges of the future.