Mining and metals companies have become a priority target for cyber hacking and information systems security breaches, says a new report by EY’s Global Information Security Survey.
Cyber security breaches are now recognized as one of the top risks in the sector, says the EY report Cyber hacking and information security: mining and metals.
The centralisation of many business functions across the supply chain as a result of increasing mining company cost rationalisation has made mining firms easy targets. The centralisation of business functions “has translated into the need for a more sophisticated IT system and network infrastructure to connect the geographically diverse workforce, which increases an organisation’s exposure to, and dependence on, the internet,” said EY.
“With the trend toward remote operation to improve operational integration and cost efficiency, there is a convergence of IT and OT [Operations technology] which provides cyber hackers an access path to the operations systems from the internet. Further, OT systems are inherently less secure as many old systems were not designed with security in mind,” EY observed.
Meanwhile, mining companies also face possible threats from the intelligence agencies and the military of sovereign states and their funded “unofficial affiliates,” who have become increasingly active in cyber warfare to target key industries, “posing a real threat to mining and metals organisations,” said EY.
“The objective may be the passive collection of commercially sensitive intelligence to assist national or state-owned companies in contract negotiations,” EY acknowledged. Nevertheless, “the possibility of it being more sinister, with the use of malware to incapacitate important facilities…should not be ruled out.”
“It is worthwhile considering the impact of disabling a remote operations center which controls trucks, drills, trains, ship loaders, mills or concentrators, or even individual physical equipment being disabled,” said EY.
Activists’ use of cyber hacking to pursue a political agenda “is a real risk in today’s operation environment,” warns EY. More militant and extreme activists can turn to cyber-attacks “to disrupt mining and metals companies’ activities, expose confidential information and create communications mischief, such as defacing websites or triggering false announcements.”
EY’s Global Information Security Survey 2013-2014 found that 41% of the mining and metals survey respondents had experienced an increase in external threats over the past year, with 28% experiencing an increase in internal vulnerabilities.
“Surprisingly, 44% of the mining and metals survey respondents indicated that their organisations do not have a threat intelligence program in place and 38% only have an informal one in place,” observed the report.
“This leaves them unprepared to identify a cyber-attack or information security threat. It also means that these organisations would not have the benefit of obtaining early warnings or being prepared for breaches, potentially increasing the impact.”
Among the steps mining companies can take to combat cyber hacking and increase information security are: making information security a board-level and senior management priority; identifying interest groups who would benefit from access to a mining organisation’s systems and information; assessing current systems and understanding their vulnerabilities; understanding the laws and regulations that help protect a mining organisation from a cyber-attack and building a relationship with the agencies that enforce them; and creating a cyber-threat or attack response protocol.
This article originally appeared in full on Mine Web.