CALGARY — Mining and oil and gas companies not only face threats from cybercriminals hoping to gain financially but may also be targeted by "hacktivists" who want to make a political or environmental point, says Yogen Appalraju, EY Canada's cybersecurity leader.
He said companies can ward off such attacks but the checklist they must follow is long and continuously changing. Here are some basic tips:
- Start out with an assessment of what controls are in place. Are they adequate?
- Identify the gaps, based on an industry standard such as that published by the U.S. National Institute of Standards and Technology.
- Focus on foundational controls such as security hygiene, ensuring employees understand where vulnerabilities exist.
- Keep up to date with "patches" that fix bugs or vulnerabilities in computer programs.
- Guard the perimeter, paying special attention to any system that connects with the internet.
- Warn employees to watch for "phishing" attacks, which involve hackers sending legitimate-looking emails to lure them to click on a link that allows the entry of malware.
- Be aware that hackers might attempt to physically enter your office to "piggyback" access to system ports that are inside the firewall.
- Mitigate safety issues by building in cybersecurity monitoring and prevention measures for any equipment that is automated or remote controlled.
- Make sure part of the IT budget is set aside for cybersecurity — EY recommends as a general guideline about five to seven per cent.
- Continuously invest in people, process and technology — all three are important.
- Ensure a robust back-up system is in place to allow a quick recovery from attack because it's "not a matter of if, but when, an organization is breached."
SOURCE: The Canadian Press