It is impossible to overstate the importance of mining for Australia's economy. Yet, this also makes mining organizations attractive targets for cybercriminals. In this industry event for the Western Australian mining sector, we explored the risks, as well as strategies to stay secure.
Mining's Economic Significance
Mining is one of Australia’s most important industries. According to the Australian Bureau of Statistics, mining delivered 10.4 percent to the Australian economy in 2019-2020, making it the largest economic contributor with a $202 billion GDP.
However, with such size and economic significance comes added risks. Cybercriminals are actively targeting mining organizations precisely because of the critical role the sector plays in the national economy. They understand that any disruption to mining would have widespread consequences for the Australian economy – making mining companies attractive targets for a range of cyberattacks.
Insights from the First Tuesday Cluster Event
That was the message at a recent First Tuesday Cluster event organized by METS Ignited, the industry-led growth center for the Mining Equipment, Technology, and Services (METS) sector.
Hosted by METS Ignited Cluster Development Manager, Alan Fenelon, the panel discussion explored a range of cyber topics currently impacting the mining industry, including:
Does automation and standardization in mining increase the risk of cybercrime?
What are the minimum ‘must have’ cybersecurity strategies for the mining sector?
How is cybercrime impacting tier 2 and 3 miners?
What does excellence look like in Operational Technology (OT) network security?
What to do in the event of a cyberattack?
Key Takeaways
Small businesses in Western Australia have lost approximately $150m so far this year through cyberattacks. The risks facing medium/large businesses are even greater.
Despite many organizations working to uplift their cyber resilience, there are still too many businesses that remain complacent about the risks of a cyberattack, thinking they won’t be targeted, despite clear evidence that any organization may become a victim of cybercrime.
Many organizations remain exposed to cybercrime due to vulnerabilities in their digital supply chains. This exposure is not as widely understood as it should be. With almost every organization now making use of third-party applications and APIs, any breach in any of these systems could allow cybercriminals to gain entry to a business’ internal corporate network.
COVID-19 has opened up a wealth of opportunities for cybercriminals, particularly with so many employees now working from home. Through the use of residential Wi-Fi routers or personal computers, employees may be exposing their employer’s corporate network to malicious actors.
There is no silver bullet when it comes to securing an organization from cyber risk. Due to cybercriminals constantly adapting their tactics, a multilayered approach is essential to stop cyberattacks. Any multilayered approach must include staff training, rigorous processes around information security, and technologies that can act as a final layer of defense.
Organizations should not rely on cyber insurance. Premiums are rising, it is becoming increasingly difficult to obtain, and payouts in the event of a breach may be unlikely as pricing lost data is exceedingly difficult.
Organizations need to prioritize cybersecurity, just as occupational health and safety were prioritized by businesses 20 years ago. However, with the cyber risks rising rapidly, time is of the essence.
Panel host, Alan Fenelon, summed up the event with an important question:
Assuming both cybercriminals and organizations had unlimited resources in the cyber war, who would win?
The unanimous answer was: Cybercriminals. While an organization needs to be successful 100% of the time, a cybercriminal, with nothing to lose, only needs to succeed once.
Preventive Measures with Eftsure
Throughout my time at Eftsure, helping organizations avoid major financial losses due to a range of cybercrimes, including invoice redirection scams and Business Email Compromise attacks, I have seen firsthand how many organizations struggle to fully grasp their exposure to these types of risks. All too often, it is only after an organization has experienced an attack of this nature, that they then embrace systems to prevent it happening again.
But why wait until you’ve been attacked?
By taking pre-emptive security measures, such as integrating Eftsure into your accounting processes, you can avoid the serious financial losses, as well as reputational damage, that results from a cyberattack.
Contact us to learn more about Eftsure. Our unique fraudtech solution is designed to help ensure your organization has the technology in place to stop many of the most common and financially disastrous cyberattacks.
About the Author
With an extensive background helping businesses assess and mitigate risk at PwC, I now assist organizations with preventing a range of cyber-threats, including invoice redirection scams and Business Email Compromise attacks, in my capacity as Eftsure's Business Development Manager for Western Australia.
Mary Italiano
