Following the global ransomware attack in May that affected 12 Australian businesses, the need for tougher security protocols remains stronger than ever, particularly on mine sites.
Deloitte’s 2017 Tracking the Trends report outlines that the normalcy of innovation, the increasing amounts of data moving to the cloud and the convergence of information technology (IT) and operational technology (OT) increased the potential exposure to online threats.
Deloitte Australia national mining leader Nicki Ivory told Australian Mining the industry as a whole lags behind other industries when it comes to cyber security.
She said it was particularly dangerous to use legacy systems that are not equipped with the latest security requirements as they are the most prone to cyber attacks.
“Anyone who has those legacy systems and hasn’t got them kept up to date is vulnerable [to attacks], but it’s probably even more of an issue for the mining industry because it is notoriously bad at keeping up to date with digital trends,” Ivory said.
However, Ivory highlighted that there is a digital revolution happening in the mining industry, with a growing adherence to digital systems and technologies. She particularly referred to the use of sensors – which have become cheaper – that are able to track everything in real time and feed the data to operation systems.
Within this digital revolution is the rise of automation, with the growing development of autonomous mine vehicles.
Ivory said operators should not fear using these systems because of threats of possible hacks. She said the use of these vehicles should run in conjunction with security protocols.
“Your security protocols need to be developed in parallel to developing the autonomous vehicle program so that when you implement it, you have your security systems ready to go at the same time,” she said.
“So as long as you do it in a planned and organised way, there’s no need to fear autonomous vehicles any more than you’d fear any other system you have in your company.”
Ivory also highlighted that emails are one of the easiest ways viruses can enter a company.
“Your human interface is by far your biggest risk,” she said. “You have to have your entire security protocols up to date.”
Tightening up security
Ivory reinforced the importance of strengthening security systems, with techniques such as updating firewall security and segmenting networks so that operators don’t have end-to-end networks that all speak to one another.
“Put segments in place so that you can control the damage if something does get in,” she said.
Ivory also highlighted the need for operators to be vigilant about what is happening with their operating systems and to find ways to know when something unusual has entered them.
“There are obviously quite sophisticated ways that companies can do that nowadays, for example enlisting the help of a 24/7 cyber response centre that can not only monitor where things get in, but also what threats are out there so you can quickly shut them down to protect yourself.”
Having a proactive mindset towards cyber security was another key point Ivory brought up – one that companies are still slow to act on, she said.
“We’re not finding companies acting as much on this as we would think,” Ivory said.
“On the whole, we’re seeing board members really worried about it, but it’s not number one on management’s priority list.”
The Deloitte report highlighted four strategies companies can employ to enhance their cyber security:
- Strengthen traditional security protocols: This is through enhancing firewall security, restricting administrative access to systems, implementing endpoint protection, and segmenting networks so hackers can only access a few segments.
- Become more vigilant: Through employing security information and event management solutions or engaging 24/7 cyber response centres.
- Cultivate resilience: When a breach occurs, companies should have technical and incident response protocols, akin to a safety incident report. There should be systems in place to communicate the responsibilities of each stakeholder so that there is a cross-functional response.
- Prepare diligently: As cyber threats become more complex, there is a great need for companies to be more aware and prepared. This can be through training staff on safer computer practices or appointing a chief information security officer.