Cyber-Threats Facing Australia’s Mining Industry

Mining is one of Australia’s most important industries. According to the Australian Bureau of Statistics, mining delivered 10.4 per cent to the Australian economy in 2019-2020, making it the largest economic contributor with a $202 billion GDP.

However, with such size and economic significance comes added risks.

Cyber criminals are actively targeting mining organisations precisely because of the critical role the sector plays in the national economy. Cyber criminals understand that any disruption to mining would have widespread consequences for the Australian economy – making mining companies attractive targets for a range of cyber-attacks.

That was the message at a recent First Tuesday Cluster event organised by METS Ignited, the industry-led growth centre for the Mining Equipment, Technology and Services (METS) sector.

Hosted by METS Ignited Cluster Development Manager, Alan Fenelon, the panel discussion explored a range of cyber topics currently impacting the mining industry, including:

• Does automation and standardisation in mining increase the risk of cyber-crime?
• What are the minimum ‘must have’ cyber security strategies for the mining sector?
• How is cyber-crime impacting tier 2 and 3 miners?
• What does excellence look like in Operational Technology (OT) network security?
• What to do in the event of a cyber-attack?

Key takeaways from this important and timely panel discussion included:

• Small businesses in Western Australia have lost approximately $150m so far this year through cyber-attacks. The risks facing medium/large businesses are even greater.
• Despite many organisations working to uplift their cyber resilience, there are still too many businesses that remain complacent about the risks of a cyber-attack, thinking they won’t be targeted, despite clear evidence that any organisation may become a victim of cyber-crime.
• Many organisations remain exposed to cyber-crime due to vulnerabilities in their digital supply chains. This exposure is not as widely understood as it should be. With almost every organisation now making use of third-party applications and APIs, any breach in any of these systems could allow cyber-criminals to gain entry to a business’ internal corporate network.
• COVID-19 has opened up a wealth of opportunities for cyber criminals, particularly with so many employees now working from home. Through the use of residential wi-fi routers or personal computers, employees may be exposing their employer’s corporate network to malicious actors.
• There is no silver bullet when it comes to securing an organisation from cyber risk. Due to cyber-criminals constantly adapting their tactics, a multilayered approach is essential to stop cyber-attacks. Any multilayered approach must include staff training, rigorous processes around information security and technologies that can act as a final layer of defence.
• Organisations should not rely on cyber insurance. Premiums are rising, it is becoming increasingly difficult to obtain, and payouts in the event of a breach may be unlikely as pricing lost data is exceedingly difficult.
• Organisations need to prioritise cyber security, just as occupational health and safety were prioritised by businesses 20 years ago. However, with the cyber risks rising rapidly, time is of the essence.

Panel host, Alan Fenelon, summed up the event with an important question:

Assuming both cyber-criminals and organisations had unlimited resources in the cyber war, who would win?

The unanimous answer was: Cyber-criminals.

Whilst an organisation needs to be successful 100% of the time, a cyber-criminal, with nothing to lose, only needs to succeed once.

Throughout my time at eftsure, helping organisations avoid major financial losses due to a range of cyber-crimes, including invoice redirection scams and Business Email Compromise attacks, I have seen firsthand how many organisations struggle to fully grasp their exposure to these types of risks. All too often, it is only after an organisation has experienced an attack of this nature, that they then embrace systems to prevent it happening again.

But why wait until you’ve been attacked?

By taking pre-emptive security measures, such as integrating eftsure into your accounting processes, you can avoid the serious financial losses, as well as reputational damage, that results from a cyber-attack.

Contact us to learn more about eftsure. Our unique fraudtech solution is designed to help ensure your organisation has the technology in place to stop many of the most common and financially disastrous cyber-attacks.