Mining & resources – Cyber security
With increasing pressure on mining and resources companies’ budgets, financial constraints on IT spending are adding further complexity to an already difficult task of protecting IT assets.
With information assets such a critical part of running a mining or resources business, cyber security threats pose one of the biggest risks in the resources sector. When risk is overlooked on a mine site, accidents happen and production stops; when risk is not understood within a mining company’s IT environment, the consequences are not always as obvious, but just as critical.
Traditionally, approximately 90% of a mining or resources company’s IT security budget has been allocated to preventative technologies, including firewalls, endpoint and content filtering technologies. Although an important part of an organisation’s security posture, the emphasis on these technologies does not always result in the risk reduction that the business expects from their investment. The solution? A balanced and strategic approach to information security to effectively and efficiently reduce risk.
However, implementing a cyber security strategy is not just about buying the right hardware and software. It starts by developing a security framework to understand the key risks involved, and putting processes in place to understand, measure and mitigate these risks. A key part of developing a security strategy is having the ability to collect information about the security environment to provide evidence of risk and to identify where current security controls are effective or failing. Having empirical evidence of the performance of the IT security environment will help to drive more information decision making on how to direct IT budgets to achieve the risk reduction a mining company requires.
Intalock can assist by implementing a comprehensive cyber security strategy. This will enable mining and resources companies to:
- Develop a security framework, by:
- Formulating a defined risk evalution and workflow to accept or mitigate risk
- Identifying areas where there are limited or no security controls
- Measure the performance of the security architecture, by:
- Understanding risk empirically
- Monitoring for compromise inside the perimeter
- Reduce risk, by:
- Quickly remediating incidents that slip through perimeter defences
- Identifying areas of the environment that are exposed
- Reduce costs, by:
- Identifying ineffective security controls where investment is out of line with the reduction in risk
- Identifying areas where compensating controls can be applied to reduce risk at lower cost
- Reducing time to remediation by quickly identifying problems and reducing downtime to the business