International Cybersecurity Awareness Month: A Conversation with Volue's CISO

Volue is leading the energy markets’ transition to robust and sustainable services critical for society. Because of our work across the energy sector and critical infrastructure, we consider cybersecurity a high priority. Stringent and well-planned cybersecurity measures are critical to prevent cyberattacks that could disrupt essential services, impact our customers, compromise safety, and have far-reaching economic and societal consequences.

Threats are constantly evolving

“To provide a context to the challenges all sectors are facing, it’s important to emphasise that cyberattacks are on the rise, with a relentless surge in frequency and sophistication. This trend can be attributed to several factors. Firstly, the ever-expanding digital landscape offers a broader framework for cybercriminals to exploit, including an increase in collaboration apps like Microsoft Teams, IoT devices, and cloud infrastructure,” says Brynjar Larssen-Aas.

“Secondly, the proliferation of hacking tools and malware is making it easier for both novice and experienced hackers to launch attacks. An example we’ve seen recently is with multi-factor authentication. Multi-factor authentication, or MFA, significantly bolsters security, but recently we’ve seen that it's not impervious to phishing attacks. While MFA makes it harder for attackers by requiring a second authentication factor, some advanced tactics can bypass it. This is one of several threats that we are closely monitoring and that we have taken concrete measures to protect against,” notes Brynjar.

Enhanced cybersecurity measures

The interconnectedness of our modern world and our reliance on technology underscores the critical need for enhanced cybersecurity measures to combat ongoing and ever-changing threats. Brynjar explains what this means for Volue.

“In the most basic terms, it’s about working with a key set of processes and procedures. We have frameworks in place that are shared widely with our employees. In my own role and as a business, we place a strong emphasis on cybersecurity readiness, recognising that it demands investments in both technology and training,” notes Brynjar.

He adds: “In many situations, the simple act of being aware can have tremendous value . Cybersecurity awareness is an essential component of a robust cybersecurity strategy. It empowers individuals within a company to become the first line of defense against cyber threats, reducing vulnerabilities, minimising risks, and safeguarding sensitive information."

“We are committed to reinforcing security measures not only for our internal operations but also for the services and products we provide on behalf of our valued customers. Safeguarding digital assets remains a top priority for Volue, underscoring our dedication to maintaining trust and protection in the digital age."

Looking to the future

Following a ransomware attack in 2021, Volue has built back to a better, stronger, and more secure place. We've bolstered our infrastructure by migrating it onto the unified Volue IT platform, reinforcing the security of our services and data.

With our 24/7/365 Security Operations Center monitoring service in place, we also maintain an increased, vigilant oversight. Additionally, we actively contribute our cybersecurity expertise at various security forums and place a high priority on all security aspects, including bug fixes, source code and third-party asset management, and robust vulnerability control.

When asked about his best advice to companies who are looking to upgrade their security posture, Brynjar Larssen-Aas says that there is no silver bullet when it comes to information security:

“There are hundreds of different actions to take that would improve a company’s security, and instead of highlighting one or two of these, I would advise to follow a security framework, as it will help any organisation to discover new, and map all their existing security actions in a logical structure.

As an example, Volue is certified on ISO 27001, but we also use the NIST Cyber Security framework (CSF) because of its logical setup throughout the five pillars Identify, Protect, Detect, Respond and Recover."

“It’s fair to say that 9 out of 10 cyberattacks involve some sort of human factor. Of course, it’s extremely important that as a supplier of critical infrastructure, we must continue to be as secure as possible. In my opinion, that starts with balancing secure technology and awareness, working together as a team, being vigilant and undertaking ongoing training. We will continue to protect ourselves and our customers as we do so,” concludes Brynjar Larssen-Aas.