Important Notice: We are committed to providing you with a safe environment to do business, in accordance with all the health & safety guidelines set out by the local authorities. The event will be delivered with strict standards of health & safety precautionary measures including social distancing, contactless transactions and hygiene protocols. Learn More

Saudi Aramco hires KPMG to oversee cyber security compliance among suppliers

   

Saudi Aramco hires KPMG to oversee cyber security compliance among suppliers

The National News
Crude oil storage tanks stand at the oil refinery operated by Saudi Aramco in Ras Tanura, Saudi Arabia. In 2017, a $20 billion petrochemical project joint venture between Saudi Aramco and Dow Chemicals experienced a spate of hacking attacks. Bloomberg

Companies will need to certificates to make sure they have met security standards

Saudi Aramco, the world's largest oil-exporting company, signed an agreement with KPMG to examine cybersecurity compliance among its third-party suppliers.

The company is stepping up protection of its critical Middle Eastern oil and gas facilities, which have been targets of cyber warfare in the past.

Suppliers including general vendors and those specialising in outsourced infrastructure, customised software, network connectivity and critical data processors need to obtain Saudi Aramco's cyber security standard certification.

“Based on our analysis of minute-by-minute technological disruptions and ever-changing cyber security needs, we believe that vital national assets such as Aramco need to be fully protected with state-of-the-art and seamless cybersecurity systems,” said Abdulaziz Alnaim, managing partner of KPMG's Eastern Province office.

The financial fallout from cyber-attacks in the Arabian Gulf in 2017 was estimated at more than $1 billion, according to a 2018 report by Siemens. The pandemic and remote working model have further intensified the threat across the world and in the Middle East.

The cost of data breach among a selected sample of companies in the UAE and Saudi Arabia rose 9.4 per cent, costing them $6.53 million per breach, according to a 2020 study by IBM Security.

While the financial services sector suffered the most cyber attacks, the Middle East's oil and gas facilities have also been targeted.

Three out of four oil and gas companies in the Middle East suffered at least one security breach resulting in the loss of confidential information or disruption to operations, according to a report on the cyber threat landscape for oil and gas, published by Microsoft in 2018.

One of the most prominent breach was the Shamoon virus attack on Saudi Aramco systems in 2012, which wiped hard drives of some some 30,000 computers clean.

The attacks were blamed on Iran, which denied responsibility.

In 2017, a $20bn petrochemical project joint venture between Saudi Aramco and Dow Chemicals also experienced a spate of hacking attacks.

“Third-party risk is a key risk in the area of cyber security, managing this risk will improve the cyber posture of organisations who heavily depend on external parties or suppliers. More organisations should follow the direction which Aramco has taken,” said Ton Diemont, head of cyber security for KPMG Saudi Arabia, Jordan, Iraq and Lebanon.

Certificates issued by KPMG will be valid for two years. However, if a supplier is awarded a contract which has specifications not included in the certificate then a new one will need to be issued.

View all News
Loading

Supporters & Partners

OFFICIALLY SUPPORTED BY

UAE Cyber Security Council

OFFICIAL GOVERNMENT CYBERSECURITY PARTNER

Dubai Electronic Security Center Logo

dp

OFFICIAL DISTRIBUTION PARTNER

ISPIRE

OFFICIALLY SUPPORTED BY

Telecommunications Regulatory Authority

Official Smart City Partner

Strategic Sponsors & Partners

Strategic Partner

huawei

Strategic Partner

  • Recorded Future

Platinum sponsors

digital14


PCYSYS

Secret Briefing Partner

rafael

Diamond sponsors

threat quotient

Attivo Networks - GISEC

XM Cyber - GISEC

Silver sponsors

bluvector

checkmarx-gisec

Darktrace-gisec

Recruitment Partner

cander-gisec

Training Partner

sans institute

Industry & Association Partner

Germany Association Partner

TeleTrusT

Supporting Association

CSFI

Supporting Association

ISC2

Supporting Association

OIC

Supporting Association

Russoft

Supporting Association

CSI Mumbai

India Pavilion Partner

Logo

Association Partner

techUJLogo

Knowledge Partner

Frost Logo

Association Partner

CyberWales

Exhibitors

 

Media Partners