Gold-copper producer Evolution Mining (ASX: EVN) this week became the latest in a spate of high-profile Australian companies to report a data breach.
Earlier this year it was the turn of Northern Minerals (ASX: NTU), MediSecure, Ticketmaster, Shell Australia and Telstra (ASX: TLS). Last year Rio Tinto (ASX: RIO), Woolworths (ASX: WOW) and Optus confirmed they had fallen victim to cyber-attacks.
According to a threat report by global cybersecurity AI leader Darktrace, the soaring popularity of Malware as a Service (MaaS) and Ransomware as a Service (RaaS) means we should expect a lot more cases. MaaS and RaaS are, essentially, off-the-shelf products or suites of products purchased from the dark web. In some cases, they even offer subscription-based income streams.
The primary form of delivery is through phishing emails. To put this into perspective, in the past six months alone about 3600 phishing attacks were launched every hour. More than half of these broke through all security systems and email filters to land in inboxes.
In other news this week:
- Bricklaying robot maker FBR takes a giant step towards a lucrative US JV with global building products giant CRH
- AVESS Energy signs MOU with Windimurra vanadium proponent
- All the action from Diggers & Dealers
Northern Minerals and Evolution were both victims of ransomware attacks. Ransomware infiltrates a computer system to encrypt or exfiltrate sensitive information (or both) and, as the name suggests, its perpetrators demand a ransom for its return.
It is the most insidious and impactful threat to businesses.
Northern Minerals was made aware of the breach in late March and set about its mandatory reporting requirements. In mid-June, Northern Minerals’ key heavy rare earths partner Iluka Resources (ASX: ILU) said it caught a cyberattack before any damage could be done. The company was not required to report the incident but chose to speak out against the perpetrators, which it believed were of Chinese origin.
This week it was Evolution’s turn. Evolution said it was made aware of the attack a week earlier.
When it comes to disclosure, the ASX’s May update to Guidance Note 8, particularly around specifics of when cyber incidents should be reported, sheds some light on what seems to be an opportunistic approach by the threat actors.
During his keynote speech at last week’s Diggers & Dealers Mining Forum in Kalgoorie-Boulder, former Ambassador to the US Kim Beazley made an impassioned plea to the Federal Government for stronger safeguards for the mining industry – including some well-received, albeit misguided, finger-pointing.
Darktrace echoes this, noting the lack of regulatory and general government support played a critical role in leaders’ “pronounced lack of confidence”.
There is also a heightened sense within the cybersecurity industry that Australia is becoming a geopolitical target, with nearly 80 per cent of Australian security professionals believing their organisations are unprepared to face the next generation of threats – compared with about 60 per cent of their global counterparts.
Geopolitical or not, cybercrime is big business. In 2023, there were more than 400 data breaches reported in Australia, costing on average $4.26 million each.
The importance for companies to get the right mix of cybersecurity services was made painfully clear late last month when a line of bad code from a CrowdStrike update grounded transport and infrastructure systems around the world.
In this instance, human error was to blame though it once again laid bare the fragile and interconnected state of the global cybersecurity systems.
A week on from Diggers & Dealers, it is worth reflecting on three days of action from Australia’s most important mining investment conference. The lead-in suggested this year’s event would be dominated by talk of critical minerals survival tactics and a soaring gold price.
True to expectations, Kim Beazley’s keynote speech reverberated around the Goldfields Arts Centre as some of the industry’s heavyweights took to the stage on Day 1. By Day 2, some of the emerging stories including Northern Minerals and a niobium surprise packet in St George Mining (ASX: SGQ) captured much of the attention. Before we knew it, it was time to celebrate the winners of this year’s talkfest at the Day 3 gala dinner – and the choice of winners did not disappoint.
Having a clear message is important. Getting it out there is just as important. Contact the Investor Insight team to make sure your message is heard by your target audience.