July 2, 2021 - Consultancy firm PwC is cautioning mining and manufacturing entities to prioritise cyber security, as the sectors have become a preferred target of threat actors.
It says due to the increasing level of technology adoption, the consequences of attacks on these sectors can be far-reaching and potentially devastating, and it is urging vigilance.
The global consultancy firm says consequences of these threats can be severe, resulting in production and revenue losses, regulatory fines, reputational damage, as well as the shutdown of critical infrastructure.
The warning comes as local mining and manufacturing companies are increasingly leaning on technology as a result of the COVID-19 pandemic, which has accelerated the application of fourth industrial revolution technologies.
“The COVID-19 pandemic has further exacerbated the problem of cyber attacks. According to international research, there was an uptake in intrusion activity in the manufacturing sector in 2020, as well as several cyber security incidents in some countries’ mining and resources sectors,” says Junaid Amra, PwC forensics technology solutions leader.
“Organisations in the manufacturing and mining sectors face a myriad of different cyber threats. A number of organisations have not been paying enough attention to these threats. They are also not prioritising the implementation of the appropriate mitigation strategies, whilst threat actors are starting to take an interest in organisations operating in this space.
“It is, therefore, important for businesses to understand key risk areas, attack vectors and vulnerabilities to ensure they employ the correct controls to improve security and protect their assets.”
PwC says there are four types of motivation driving attackers, namely: espionage, hacktivism, terrorism/sabotage and organised crime; and the technologies most targeted by attackers are industrial control systems, which are embedded computer devices that are responsible for automated process controls.
“There are also a range of different tactics, techniques and procedures used by each attacker. This not only determines the impact of each attack but also the means by which organisations get targeted and subsequently compromised. It is also notable that insiders can be part of any threat group,” says PwC.
“Organisations that are mindful that a security breach can take several different forms and originate from several different places are in a better position to imagine ways of implementing the correct defences.”
Apart from the loss of data and intellectual property, PwC warns further that the risk to the core business operations becomes heightened and could lead to severe disruption through cyber attacks.
In addition, it says, safety, health, environmental and quality systems could be affected, as there is a growing dependence on smart devices to support these processes and functions.
“Organisations in the mining and manufacturing sectors need to embed a safety culture against potential cyber attacks – organisations should have plans and processes in place to prevent, respond and recover from a potential cyber attack. The likelihood and consequences of a cyber attack should not be downplayed. When it comes to cyber security, the time to act is now,” Amra cautions.