Top 10 mining companies adopting cybersecurity measures
As the mining industry becomes increasingly interconnected through the use of IoT sensors, AR devices, autonomous vehicles, and drones, the need for strong cybersecurity measures is becoming more crucial. These technologies can greatly enhance mining operations, but can also cause major disruptions if they fall victim to cyberattacks.
We take a look at the top 10 companies adopting cybersecurity measures.
1. BHP
BHP considers cyber threats a top priority, closely monitoring its IT and OT systems. To enhance its cybersecurity, the company is growing its team of specialists, including security architects, incident response personnel, and forensic investigators. The company's employees are dedicated to identifying and responding to threats, as well as analysing past incidents to identify and address vulnerabilities in both its IT and OT systems.
2. Antofagasta
Antofagasta's approach to cybersecurity with the new cyber risks introduced by remote working. The company used this time to focus on the digital literacy of its employees. Around 2,200 employees took digital literacy courses with cybersecurity learning as a key focus. Around 10% of these employees even went onto more advanced courses addressing the overall cybersecurity skill shortage. In 2022, Antofagasta has also deployed private 5G networks to some of their Chilean copper mine sites in partnership with Nokia. The private 5G networks enable secure operations with high capacity and low latency.
3. Anglo American
Anglo American recognises the increased and almost daily threat from cyberattacks. The company has a global security team across Australia, the UK, Botswana, Brazil, Chile, Singapore, South Africa, and Spain. Fundamental to Anglo American's approach to cybersecurity is the focus on training current employees and future cybersecurity experts. This is most notably done through the company’s pioneering two-year cybersecurity apprenticeship to introduce new talent and address the overall cybersecurity skills shortage.
4. Fortescue Metals Group
Fortescue Metals Group is a leading iron ore producer, has implemented several cybersecurity measures to protect its operations. Some of these measures include, network segmentation to limit the spread of any potential breach; regular security audits and assessments to identify and remediate vulnerabilities; use of firewalls, intrusion detection systems, and other security technologies to detect and prevent cyber attacks; employee training programs to raise awareness about cybersecurity and minimise the risk of human error; and, partnerships with cybersecurity firms to access the latest technologies and expertise in the field.
5. Teck Resources
Trellix's solution has helped Teck Resources save a lot of time and money by helping to improve security operations and ease the workload of its security analysts. The XDR platform components provided by Trellix allowed Teck to respond to attacks more quickly, reducing the time needed to contain and clean up an attack from hours to seconds. This resulted in better protection against fast-moving attacks. Trellix also analysed outside intelligence and provided Teck with useful information to make informed decisions quickly. This helped Teck mount effective defenses against machine-speed attacks. Trellix's solution helped Teck "catch up" with attacks and prevented widespread damage.
6. Nornickel
Nornickel views digital transformation as a critical aspect of its growth strategy, with a focus on both improving production and benefiting communities. However, the company recognises the importance of securing its IT infrastructure against cyber threats, as these could disrupt industry and social infrastructure across entire regions. This requires a collaborative approach between the public and private sectors. The company tracks its cyber security performance through its information security management system and assessment reporting. Corporate level evaluations of the performance of the cyber security systems are conducted, and the results are shared with governance bodies and employees through established procedures and initiatives.
7. Kinross Gold
For Kinross, a dedicated team of IT cybersecurity professionals manages the IT security risk processes and IT security operations. Kinross manages its IT security risk globally using a centralised, risk-based approach. This approach is based on the principles of ISO 27001 and NIS. Kinross' Vice President of Information Technology oversees the company's IT and cybersecurity program and is accountable to the Executive Vice President and Chief Financial Officer, who is part of the Senior Leadership Team and has executive responsibility for IT and cybersecurity. The Audit and Risk Committee of the Board of Directors regularly reviews IT security risks, and receives updates from management on a quarterly basis. The ARC conducts an annual in-depth review of the company's privacy and data security risks, as well as the measures in place to safeguard the confidentiality, integrity, and availability of its information systems and data.
8. South32
South32 consolidates its innovation, improvement, and technology initiatives into a single system to keep track of ongoing projects, prioritise effectively, and enhance safety and productivity. The company emphasises user experience, productivity, and service delivery, while investing in network connectivity and core platforms.
9. Nippon Steel
The company offers e-learning opportunities on security, and training sessions on targeted attack e-mails, to promote employees’ enhanced IT literacy and resultant sensitivity to cybersecurity. Moreover, in addition to the conventional centralised cybersecurity, Nippon Steel is implementing the latest security measures that incorporate the Zero Trust concept to always verify security before being connected. The Nippon Steel Group - Computer Security Incident Response Team (NSG-CSIRT) has steadily increased the number of member companies to 17.
10. TATA Steel
TCS' Cyber Security services prioritize data privacy, regulatory compliance, and protection against harmful attacks. These services have become increasingly important during the lockdown, specifically in areas such as GDPR compliance and security clearance for associates providing services. To stay ahead in the security technology game, TCS is establishing Threat Management Centers globally.
Santha Subramoni, global head – TCS Cyber Security, says, “These centres will focus on providing cyber security solutions and services, including managed detection and response services, incident management and breach support, on-demand cyber vigilance services, digital forensics and regulatory compliance.”
