Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Smart mining and cyber risks

Issue 5 2021 Editor's Choice

Increasingly, companies are looking to adopt smart technologies to optimise production and decision-making in order to create businesses of the future.

However, as reliance on autonomous and digital technology grows, so too does the risk of cyber-attacks.

As technologies become more interconnected, the potential cybersecurity threats and attack vectors are growing. The consequences of these threats can be severe, resulting in production and revenue losses, regulatory fines, reputational damage, as well as the shutdown of critical infrastructures.

This has been further compounded by the complexities and uptake of smart systems that use advanced technologies such as machine learning and the Internet of Things (IoT). Termed ‘Smart Manufacturing/Smart Mining’, South African industry leaders recognise that the terms encompass everything from artificial intelligence (AI) to robotics and cybersecurity.

PwC has issued a point of view on emerging cyber threats in the mining and manufacturing industries, with a focus on South African and other Africa-based organisations.

Although there are considerable benefits in the convergence of these advanced technological systems and the operational technology that makes up the backbone of the sectors, it is important to note that the reliance on such connected and Internet-dependent systems is not without its own risks.

Junaid Amra, PwC forensics technology solutions leader says: “Organisations in the manufacturing and mining sectors face a myriad of different cyber threats. A number of organisations have not been paying enough attention to these threats. They are also not prioritising the implementation of the appropriate mitigation strategies, whilst threat actors are starting to take an interest in organisations operating in this space.

“Due to the increasing level of technology adoption, the consequences of attacks on organisations in these sectors can be far-reaching and potentially devastating. It is therefore important for businesses to understand key risk areas, attack vectors and vulnerabilities to ensure that they employ the correct controls to improve security and protect their assets.”

The technologies most targeted by attackers within these sectors are Industrial Control Systems (ICS). ICS are embedded computer devices that are responsible for a myriad of automated process controls in industries (e.g., measuring instruments, packaging machinery and all other components of an assembly line that make parts of any production process.

Amra adds, “The Covid-19 pandemic has further exacerbated the problem of cyber-attacks. According to international research there was an uptake in intrusion activity in the manufacturing sector in 2020, as well as several cybersecurity incidents in some country’s mining and resources sectors.”

PwC’s paper highlights the different threats to ICS technologies and the profiles of the actors perpetrating these attacks. It also focuses on notable incidents to help demonstrate the complexity and subsequent impact of ICS attacks.

Attacker tactics, techniques and procedures

PwC’s global Threat Intelligence practice recognises four types of motivations driving attackers, namely espionage, hacktivism, terrorism/sabotage and organised crime. There are also a range of different tactics, techniques and procedures used by each attacker. This not only determines the impact of each attack but also the means by which organisations are targeted and subsequently compromised. It is also notable that insiders can be part of any threat group.

Organisations who are mindful that a security breach can take several different forms and originate from several different places are in a better position to imagine ways of implementing the correct defences. It is important to note that local regulator stipulations and disclosure laws play a major role in the number of incidents that are reported and as a by-product, known to the public.

Motivation and attack vectors

Espionage has been growing as one of the driving forces behind cyber-attacks in the manufacturing industry. Cyber criminals gain access to the networks of businesses in the sectors with the aim of stealing trade secrets and intellectual property. However, PwC research revealed that although in 2020 there was a notable up-tick of espionage-motivated incidents as compared to the same period last year, most of the attacks have predominantly been financially motivated (63-95%).

The company has also drawn on its experience conducting cybersecurity assessments and penetration tests from across our global network to identify the most common security vulnerabilities in OT/ICS networks. The most common attacks identified by PwC’s incident response teams over 2019 and 2020 were: infiltration of insecure email platforms following cloud adoption, phishing and insecure remote access platforms (VPN, remote login).

Ransomware

Once attackers have a foothold in an organisation, the tools and tactics used by them are usually designed to monetise their attacks by the simplest means possible. An example is ransomware, which is a type of malicious software (malware) that holds your systems or data to ransom.

Globally, PwC has tracked ransomware attacks across various industries for 2020. Of these, 17% affected the manufacturing sector, but no data appears to have been advertised from the mining sector. Based on experience, the nature of attacks in the mining sector have largely been focused on electronic payment fraud, industrial espionage and sabotage. Data available for the African continent is limited, however PwC believes this to be a representation of how susceptible African organisations in the sectors are to these types of attacks.

Potential impact

Cyber-attacks are becoming more pronounced as technology is embedded in operational processes. Apart from the loss of data and intellectual property, the risk to the core business operations becomes heightened and could lead to severe disruption through cyber-attacks. In addition, safety, health, environmental and quality (SHEQ) systems could also be affected as there is a growing dependence on smart devices to support these processes and functions.

Amra concludes: “Organisations in the mining and manufacturing sectors need to embed a safety culture against potential cyber-attacks; organisations should have plans and processes in place to prevent, respond and recover from a potential attack. The likelihood and consequences of a cyber-attack should not be downplayed. When it comes to cyber security, the time to act is now.”

Find out more at www.pwc.com




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Standards for fire detection
SAQCC (Fire) Editor's Choice Fire & Safety Associations
With the increased number of devastating fires reported throughout South Africa, adequate and suitable fire detection cannot be overstated. SAQCC Fire will publish a series of articles in SMART Security Solutions to provide insight into fire detection requirements and importance.

Read more...
Taking fire safety seriously
G2 Fire Editor's Choice Fire & Safety Security Services & Risk Management
To gain insights into how fire systems must be designed, installed and maintained, SMART Security Solutions asked Nichola Allan, MD of G2 Fire, for some insights into the local fire market.

Read more...
The best of local and international
Technoswitch Fire Detection & Suppression Editor's Choice
SMART Security Solutions speaks to Technoswitch’s Managing Director, Brett Birch, to learn more about the company and how it serves the fire safety market in South and sub-Saharan Africa.

Read more...
Surveillance on the perimeter
Axis Communications SA Hikvision South Africa Technews Publishing Editor's Choice Perimeter Security, Alarms & Intruder Detection
Cameras have long been a feature in perimeter security, with varying reports of success and failure, often dependent on the cameras’ planning, installation and configuration, as well as their integration with other perimeter solutions and centralised management platforms.

Read more...
Onyyx wireless alarm
Technews Publishing Editor's Choice Smart Home Automation
IDS has introduced Onyyx, a wireless alarm system engineered to provide complete system control via the Onyyx app or keyring, as well as seamless installation.

Read more...
Visual verification raises the security game
Technews Publishing Inhep Electronics Holdings Videofied SA Editor's Choice Perimeter Security, Alarms & Intruder Detection
Incorporating alarm signals with live surveillance footage, visual verification enables a human observer in a control room (onsite or offsite) to gain a clear understanding of the situation, thereby facilitating informed decision-making.

Read more...
The AX Hybrid PRO Series offers reliable wired and wireless protection
Hikvision South Africa Editor's Choice Perimeter Security, Alarms & Intruder Detection Products & Solutions
Hikvision has announced the launch of a new AX Hybrid PRO alarm system with innovative Hikvision ‘Speed-X’ transmission technology. This system offers reliable wired protection while delivering expanded flexibility with seamless wireless integration.

Read more...
A critical component of perimeter security
Nemtek Electric Fencing Products Gallagher Technews Publishing Stafix Editor's Choice Perimeter Security, Alarms & Intruder Detection Integrated Solutions
Electric fences are standard in South Africa, but today, they also need to be able to integrate with other technologies and become part of a broader perimeter security solution.

Read more...
SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.