Cyber defences need reinforcement
This article was originally written by Richard Roberts and published by Mining Journal.
An investment bank’s latest report on cyber security highlighting problems with conventional defences, and massive investment in technology by vulnerable corporations, also underlines looming challenges for industries in an awkward stage of transition. The mining sector is among them.
Morgan Stanley has added its voice to what has become a commentary chorus critical of so-called layered defence architectures that have “proven insufficient in preventing breaches”. The bank’s analysts said cyber security architectures needed to evolve to better assess risk, find breaches, and automate functionality.
“We see several shortcomings in the current defence-in-depth security paradigm — a layered security architecture largely focusing on creating a secure perimeter by stacking multiple threat prevention technologies,” Morgan Stanley said. Its February 2015 CIO survey found the increasing publicity and cost of recent breaches had driven security to the top of chief information officers’ priority lists, with security spending growth intentions trending up this year.
The shortcomings included information overload which would in many cases continue to overwhelm largely manual threat response processes.
Morgan Stanley said an increasing convergence of ‘big data’ and security themes in future could in fact see many big data technologies “being focused on the security use case”.
“Security networks need to be smarter, incorporating more predictive analytics and permissioning,” it said. “However, high labour intensity of current security solutions prevents more advanced tools from being used.
“One of the biggest gating items to making security more intelligent – and effective – is the labour constraints of security departments. They are receiving too much data from too many tools and simply don’t have the capability to process all of them.
“Automating older deterministic security functionality to better identify the ‘needles within the haystack’ would make existing security infrastructures more effective and allow more resources to focus on new probabilistic solutions.”
Accounting firm Deloitte has said the amount of customer information, commercially sensitive research and development data, blue prints and intellectual properties stored electronically by mining companies was growing rapidly. “A cyberattack exposing these as well as financial data or market intelligence could be particularly damaging to a company’s competitiveness,” the firm said.
More operations and assets were also being controlled electronically.
“Mining companies are increasingly relying on computer controlled systems and networks. Causing disruption to these would not only result in revenue loss but for many companies, especially those operating in challenging geographic conditions, it could also lead to serious health and safety risks to personnel and damage to assets,” Deloitte said.
Mining’s transition to automated plant and machinery, and ultimately far less manual data reporting and processing systems, is a work in progress for even larger companies. For most, operations and information technology convergence is at a formative stage.
“Criminals are attracted to the sector because of the massive cash flows on investment,” said leading financial services group, EY.
“They understand the increasing dependence mining and metals has on technology, and are actively looking for ways to threaten the denial of access to data, processes and equipment.
“With the trend toward remote operation to improve cost efficiency, there is a convergence of IT and OT. This provides cyber hackers with an access path to the operation systems from the internet. OT systems are inherently less secure as many old systems were not designed with security in mind.” (Interested in the IT/OT Convergence? Join Austmine in Brisbane on 19 - 20 May for our biennial conference which includes a focus session on IT/OT!)
Morgan Stanley said while security spending across industries continued to rise, threats and breaches were continuing at an increasing rate.
“Security spending has been one of the fastest growing areas of technology in the past few years, with security products and services revenue expected to reach almost US$55 billion this year, over 6% growth from the previous year.
“With the average cost of a data breach rising to $5.35 million over two years, organisations are compelled to spend to counteract those threats.”
This article is just one example of the many quality articles and opinion pieces created by and published on Mining Journal every week. To subscribe, go to www.mining-journal.com. Austmine members receive 10% off the price of annual subscription!