How mining companies are tackling cybersecurity challenges

Teck Resources, a Canadian mining company, handles vast amounts of sensitive data, which needs robust cybersecurity. Despite having a cybersecurity defense system, it struggled with data overload, making threat identification difficult. The company needed faster, automated responses to cyber threats, as manual intervention was unsustainable given the urgency and complexity of modern cyberattacks. 

Partnering with Trellix, a cybersecurity company specializing in endpoint, cloud, and application security, Teck adopted Trellix's extended detection and response (XDR) platform. This platform detect security incidents, blocks inbound email, network, and endpoint attacks, and automates investigation workflows.

South32 is an Australian mining and metals company. Its board of directors and stakeholders are located across the globe and often need to communicate confidential commercial information. In addition, time zone differences necessitate a channel where it is easy to schedule real-time updates, and the mining company’s cybersecurity policy requires a secure Australian-hosted data storage solution.

To tackle this, South32 partnered with Viostream in 2023 to communicate sensitive board-level information. Viostream is a video-hosting platform for marketing, corporate communications, investor relations, and learning and development purposes.  

Viostream allows South32 to make asynchronous video updates that meet the mining company’s cybersecurity standards, which is vital given the sensitivity of board-level communications. The mining company mainly shares project updates among board members by publishing videos on the Viostream channel, accessible via registration and features password protection.  

“One of the main requirements South32 asked for was the multi-factor authentication feature,” Paul Vecchiato, Viostream’s CTO, told GlobalData. He added: “The company did really enjoy the fact that we are an Australian organization and that all our hardware and data is residing in Australia, as per government guidelines.”  

Indeed, to comply with South32’s cybersecurity policy, Viostream hosts its videos, metadata, and user information in Australia in ISO-27001-certified facilities.   

When asked about the level of disruption that cybersecurity can cause, Vecchiato said: “It can really destroy companies’ reputation. Our clients are mainly publicly listed companies that have more mature corporate communications and investor relations requirements; therefore, they are likely to take more advantage of video platforms and also ensure that their video communications are secure as well.  

“Of course, when you experience a cyberattack, you are much more aware of the cybersecurity risks. Companies have been in general relaxed on this, but in the last 24 months in Australia we are seeing increased attacks, and we are seeing much more interest from our customers as well.”

In 2023, Canadian base metals mining company Lundin Mining adopted Dragos’ operational technology (OT) cybersecurity platform and OT Watch to bolster its cyber resilience.  

Dragos is an industrial cybersecurity solutions provider, and its OT cybersecurity technology helps Lundin Mining secure its industrial infrastructure. Among the main challenges Dragos faced were the mining company’s interconnected industrial control systems (ICS) and OT assets spanning multiple continents.  

Lundin Mining adopted both Dragos OT Cybersecurity Platform and OT Watch. The former can find the root cause analysis of operational issues, conduct automated asset inventory, verify and prioritize vulnerabilities or supply chain risks, respond to regulatory audits, and hunt for threats based on threat intelligence. The latter incorporates ICS intrusion detection analysts and investigators dedicated to hunting for potential cyber threats.