Photo by: Bloomberg
PERTH (miningweekly.com) – Mining companies operating in remote geographic locations have been urged to collaborate on threat intelligence in order to mitigate cyber risk.
Cybersecurity software company ESET chief security evangelist Tony Anscombe told Mining Weekly Online that a lot of global manufacturing companies were shifting to a threat intelligence model, a format that mining companies could copy.
“So not only do you have protections in place from a cybersecurity perspective, but also a threat intelligence structure that would help to identify techniques and tactics used by cybercriminals, as well as other indicators in your environment of things that have happened elsewhere.
“This might include malicious code, or the way an attacker has operated or used a vulnerability within a certain place, and you can start looking in your own system, start threat-hunting,” Anscombe said.
Advisory firm KPMG estimates that there is a cyberattack happening every 44 seconds around the world, with a cybercrime reported every seven minutes. In Australia, cybercrime claimed A$33-billion of lost value in 2020/21.
A survey by advisory firm Ernst & Young (EY) last year found that 71% of mining respondents had seen an increase in the number of disruptive attacks over a 12-month period, and 55% of mining and metals executives were worried about their ability to manage the threat.
Quoting data by Cybersecurity Ventures, EY expected that global cybercrime costs would grow by 15% a year over the next four years, reaching $10.5-trillion annually by 2025, up from $3-trillion in 2015.
Anscombe said that miners operating in remote geographic locations could effectively be operating in a standalone environment, and given the often weak connectivity in far-flung areas, it meant that protecting against a cyberattack in real-time, might not be possible.
“That’s certainly an issue from a cybersecurity perspective. Because if you can’t mitigate against an attack as it happens, or implement the right response as an attack unfolds, then it will be difficult to control.”
From a geopolitical point, mining operations could also represent valuable targets to cybercriminals, considering the potentially high impact an operational failure could have, Anscombe said.
“If you think of the disasters you have seen in the mining sector, not from a cyber-instance, but the mining disasters in general. Suddenly you have the entire world’s media watching, so it could easily become a nation State issue.
“Unfortunately, mining could be on the wrong end of that,” Anscombe said.