Cybercrime a threat to automated resource firms
Data theft from highprofile hacks against companies like Uber and Equifax can cost consumers thousands of dollars, but resource companies worry about millions in damage, along with potential injuries and death, if their technology is compromised.
The thought of a multi-ton piece of equipment running amok or shutting down at a critical time in the resource gathering process is a nightmare scenario for chief information and security officers in the oilpatch and other resource-rich regions of Canada.
Cybercriminals are betting the company whose gear no longer obeys instructions would be willing to pay dearly to avoid such a situation.
“It’s no longer a bunch a pimplefaced kids in mommy and daddy’s basement — it’s organized crime,” said Daniel Tobok, CEO and coowner of Toronto-based Cytelligence, who says his company investigates 40 data breach attacks on private Canadian companies every month, often tracing the attacks to foreign hackers.
“It’s theft of intellectual property, it’s espionage, but it all comes down to money as a motivation.”
He estimates the attacks cost Canada $3 billion to $5 billion per year in proceeds to criminals, adding one Calgary energy company was forced to pay $200,000 in ransom three years ago to regain control of its corrupted digital production systems.
The rise of the so-called “Internet of Things” — in which machines communicate autonomously with each other — means companies are increasingly employing automation and remote control to drive bulldozers, diggers and heavy trucks, or control drilling and processing equipment. Such automation delivers labour savings but also presents more targets for hackers, making the overall system more vulnerable to cyberattacks.
“Somebody could actually die,” said Tobok.
In a recent report, accounting firm EY said the cybersecurity risk to mining companies had jumped to third in 2017-18, from ninth the year before, on a top 10 worst risk list because the “attack surface” is getting larger as connected IT and operational devices in a typical mine or ore transport system grow into the thousands.
Executives agree the threat is real but insist they can keep hackers at bay with automatic and manual shutdown systems, firewalls, limited internet connections and ongoing employee training.