https://www.miningweekly.com

Miners beware growing cyber risk

17th October 2017

By: Henry Lazenby

Creamer Media Deputy Editor: North America

     


VANCOUVER (miningweekly.com) – Cyber risk has increased in prominence on professional services firm EY’s annual ‘Top 10 business risks facing mining and metals’ report, jumping to third position from ninth in 2016.

According to EY's report, which was published on Tuesday, cyber risk is an ever-growing issue – an outcome of increased digital transformation and the convergence of information and operational technologies, as well as continued rogue activity in the sector.

“With the increasing investment in digital and reliance on control systems for efficient operations, the attack surface is only getting larger. Having a clear digital road map that is cognisant of cyber risk is fundamental, as it is not a matter of ‘if’ but ‘when’ an attack might strike. It is critical that mining companies accelerate their cyber programmes to meet, and head off, these risks,” EY stated.

UK-based audit, tax and advisory firm Crowe Clark Whitehill head of forensic and counter fraud services Jim Gee pointed out to Mining Weekly Online that mining companies often hold valuable intellectual property, such as proprietary methods to process ore, valuable information about the extent of reserves on new claims, and/or highly confidential and sensitive information about pending mergers and acquisitions, which cybercriminals can use to steal or extort money, or to take personal and financial information about employees, clients and suppliers and use it in unlawful ways.

“They may be targeted by malicious actors with specific intentions to target the sector and/or particular organisations and mining sites. It is inevitable, a question of ‘when and how’ rather than ‘if’. The scale of the impact depends, to a significant degree, on how well a miner is prepared, that is, how resilient the organisation is,” Gee said in an email to Mining Weekly Online.

He added that resilience to cybercrime is a mix of security and planning for when the inevitable attack happens. He explained that it is not good enough to hope a cyberattack will not happen.

“It is important for miners to recognise that cybercrime is a fact of life.”

HOLISTIC APPROACH
According to Gee, cybersecurity involves strengthening defences to prevent a breach from occurring. “It is impossible to achieve 100% protection, so forward-thinking companies focus on cyber resilience. Resilience involves being prepared for cybercrime and data protection issues, accepting that it might happen at some stage and having plans in place to manage, mitigate and recover quickly,” Gee advised.

Importantly, he said that improving cybercrime and data protection resilience does not have to be expensive. Several straightforward steps will protect businesses from 90% of the most common cyberthreats.

Gee explained that there are two sides to cybercrime and data protection resilience – before a breach and after a breach. Crowe has created its own process for tackling fraud, which involves two key steps: pre-emptive preparations and reactive preparations.

Under the first step, Gee advised that a miner has to establish its specific vulnerabilities and the extent to which it is prepared for an incident. “This is an important step, as different organisations will have different vulnerabilities. Comprehensive diagnosis enables a proportionate response.”

The next stage is to address a miner’s vulnerabilities and strengthen its protection levels. This involves developing tailored action plans that include prioritised recommendations allocated to specific organisational functions or named individuals, he explained.

TIME CRITICAL
Gee stressed that, in the event of a cybercrime and/or data protection breach, it is important that a miner reacts quickly. “If support from third parties, for example specialist IT firms, is necessary, then agreements should be put in place in advance of an incident. Days lost attempting to find a firm with the right expertise, agree a fee, and arrange a contract are days during which an incident is not being contained,” he pointed out.

When an incident occurs, miners need to act quickly to stop it, contain the incident, and recover normal operations.

“In parallel with the incident triage, a professional investigation of the incident needs to take place. This is another important stage of a miner’s response, helping to find out what happened, how a reoccurrence can be prevented and how negative impacts can be minimised,” he stated.

In the event of an incident, it is important that miners respond in a proportionate and considered way to avoid unnecessarily severe legal and financial consequences.

Gee advised that the key is to be cyber resilient and do more than focus on security.

Miner-specific points to bear in mind include:
• Reliance on a variety of contractors, subcontractors and agency staff introduces cybercrime risks. Consider what systems staff have access to and whether permissions can be restricted as appropriate for different groups;

• IT infrastructure at mine sites will vary, and what works well at one location may not work at all at another. Conduct penetration testing on at least an annual basis at each mine site;

• Employees are often the weak point of any cybersecurity system. Employees may be targeted by cybercriminals in an attempt to circumvent security measures. This could include the provision of free memory sticks at industry conventions that contain malware, which is eventually introduced onto company systems. Employees should be educated about the risks, and measures introduced to prevent the most common mistakes from being made.

Edited by Samantha Herbst
Creamer Media Deputy Editor
