67%

of mining respondents said that their data security measures would need a complete overhaul to be fit for IoT deployments

To successfully hack a mining business would be a major scalp for a would-be attacker and the sector faces threats from a whole range of actors with very different objectives and motivations to cause harm. While the risks from cyberespionage, environmental groups, online warfare from state-sponsored groups and even just common criminals have increased, the mining industry has also become more vulnerable due to a range of structural changes to the way it operates in recent years. In this context, the advent of IoT-based tools and wider digital transformation poses significant data security challenges that must be rapidly addressed.

Organisations taking a digital-first approach to their innovation and operations stand to gain significant advantage over their competitors, but without the right security in place, any digital-first initiative will likely come crashing down before gains can be made. Our research uncovered that mining businesses are aware of the threats that they face and 94 per cent thought that their approach to cybersecurity could be improved with 67 per cent also stating that their data security measures would need a complete overhaul to be fit for IoT deployments.

Which statement best describes your view of data security and IoT? (%)

67% We will need to rethink our approach to data security and make heavy investments to meet IoT security requirements
31% The use of IoT will mean that we need to evolve our data security measures but this will be straightforward and not involve significant resource investments
2% It creates no new challenges for us and our existing approaches to data security are adequate to meet IoT security requirements

To what extent do you agree with the following statements when it comes to your organisation's security and the use of IoT?

My organisation's processes to combat data mishandling could be stronger:

My organisation's processes to combat cyber attacks could be stronger:

Strongly agree
Agree
Disagree

The increasing risk from cyberattacks can be traced around four main events: the increased centralising of functions and merging of IT and OT (operations technology), an increase in government led cyberattacks for commercial sabotage or cyberwarfare, the rise of environmental hacktivism, and the mining sector’s increased dependency on technology to operate profitably.

Improvements to computing and network infrastructure technology has allowed mining businesses to rationalise costs by centralising functions wherever possible across their supply chains. The use of more sophisticated systems and networked connectivity has enabled a globally disparate workforce to be more easily directed centrally and to work together over different regions. Alongside this development has been the ongoing convergence of information technology with operations technology. Where OT supports the physical value creation and manufacturing processes, IT combines the technologies needed for information processing. There are many benefits in business efficiencies to blending these two areas, however, a key difference between IT and OT is that the latter tends to be much older, having been deployed with a longer life expectancy to meet returns on investment than most IT systems. The result is a greater risk of access from hackers to older systems that were not designed for today’s security challenges.

Mining is a major contributor to national infrastructure and in many parts of the world operations are state owned.

The sector is therefore of political interest and as intelligence agencies and the military have improved their hacking capabilities, the mining sector has never been at greater risk of attack.

 

Firstly, states have directed their intelligence agencies to hack into competitors to their own state-run companies with the aim of stealing commercial knowledge for their own use, or to gain intelligence that can give them an advantage in contract negotiations. Secondly, state actors have sought to deploy malware to disrupt operations and weaken political/state opponents.

Another distinctive threat faced by the mining industry is from environmental groups and individuals prepared to act illegally to further their campaigning objectives. Despite the efforts of the mining industry to meet the needs of all their stakeholders, the environmental lobby remains active in many parts of the world, trying to disrupt operations. In previous decades, many groups would try to physically infiltrate mining land and attempt to gain media exposure by destroying plant machinery and occupying sites to prevent mining operations. Today, they can have a more significant disruption and media attention through hacktivism.

 

The final challenge comes from the increased dependency the sector has on data for its operations and profitability. The impact of a data breach on the operations of mining businesses becomes greater every year, meaning the risks of not having adequate security in place are also growing exponentially. Whereas 20 years ago a data breach would have been an inconvenience, today a mining company might grind to a complete halt, being unable to operate.

Less than half of organisations are investing in new security technologies to tackle this enhanced security threat.

— Joe Carr, Director, Mining

Our research suggests that mining organisations need to move faster to counter these challenges. While two thirds felt that their IT security needed a complete overhaul, when asked what specific measures were being taken, the response was somewhat muted.  Less than half of organisations are investing in new security technologies to tackle this enhanced security threat, and innovations such as IoT are rarely accompanied by the full complement of security measures that are necessary to protect the various vulnerable points that these technologies open up.

What has your organisation done / planning to do to tackle potential security concerns? (%)

Invest in new security technologies
Upgrade existing security technologies
Partner with a third party
Communicate to customers on the use of IoT
Train employees on IoT
Create an internal IoT security policy
Hire skilled staff
Create an external IoT security policy for partners
We have not done/do not plan to do anything

While there is a focus on investing in new technologies of upgrading existing security technologies, there are a lot more softer measures that can be undertaken in improving the policies and processes of employees and partners, and how they handle data. A more rounded approach to data security needs to develop in the short-term as more IoT solutions are deployed. A failure to do so, could be catastrophic.

Press enter or esc to cancel