Cybersecurity is everyone's business

November 30 is International Computer Security day, celebrated around the world as a reminder that we need to stay alert and take care of ourselves online. Our own IT department tells us more about this topical issue.

We could very well say that, to quote a cliché, every day is Computer Security Day. It’s an around-the-clock business, in fact. In these times where the digital transformation process is constantly throwing up challenges, where the world is at our fingertips and we’re just one click away from anyone we want to see or hear, we need to be more cautious than ever. There’s no exception: everyone is exposed to situations with the potential to affect the vulnerability of their information since we currently handle all our transactions through the Internet. The gravity of a situation getting out of control and escalating in the case of a company like Tecpetrol, which produces a critical resource for the country, could be devastating: any deviation in its production could have a major impact on most of the country's productive industries.

In the context of an earlier International Computer Security Day, Tecpetrol Hoy talked to Santiago López Galanes, IT Cybersecurity Senior Manager, and Fernando Piñero, IT Cybersecurity Lead Engineer. They’re on a team that works day and night to keep a close eye on the company’s network, servers and connections, to prevent the risk of an attack. They’re also the masterminds who came up with the company’s awareness campaign focusing on talks, conferences and actions about online security, for different areas in the company.

To bolster security and ensure people can act as the first line of defensethe IT Cybersecurity area launched an awareness program featuring talks, conferences and actions in the company’s different areas.

The program starts from a specific premise: according to studies carried out by a major international cybersecurity company, 85% of the cases of breaches involving leaks in organizations were due to the human factor, to a greater or lesser extent. That means that eight out of ten people did something that they shouldn’t have either by mistake or because they were induced. Santiago analyzes that "Hackers aren’t just lone wolves any more, it’s much less picturesque. Now they’ve got entire companies or governments behind them. That’s why we no longer talk about hackers but cybercriminals bent on stealing information to use it for extortion or even to directly affect a nation. We must exercise extreme caution, especially us at Tecpetrol, as we work in a critical area for the country: oil and gas production."


Fernando expands: “Our task is supported by three pillars: the confidentiality, availability and integrity of Tecpetrol's data. The digital world is constantly challenging us and information is one of our most vital assets as we depend on it to produce.” Santiago chimes in with, “In our industry there’s another pillar, Security: a cyberattack that threatens a plant can also affect the physical integrity of our colleagues.”


At Tecpetrol, cybersecurity plays a key role in the prevention of operational risks. This is why the company has invested so much time and money in a dedicated information protection strategy, managed by an in-house team of professionals who are exclusively centered on this task, constantly updating procedures to keep pace with technological developments.

Fernando explains that, “Our area works with many transparent and powerful tools,” and Santiago complements this with, “But we are also concerned about our people’s safety. That’s why, in September, we launched an awareness program to protect corporate information, create a cyber secure culture, and share tips, training and videos to help our users be alert to possible attacks and be able to report them to our team. Our objective is to turn them from being the weakest link into the first line of defense.”

Experience at Fortín de Piedra

Energy connects us