Earlier this week, "hacktivist" group Anonymous claimedto hack into a Canadian mining company, BCGoldCorp., placing a video of 80s pop star Rick Astley's 1987 hit, "NeverGoing to Give You Up." The song is frequently used by internet trolls, withthe practice commonly referred to as "Rickrolling."
No data appears to have been breached in the hacking.
Anonymous said it hacked the company site to protest Canada'sshielding of resource corporations. According to a statement from the group in November2015, "the Canadian government and judiciary shield their global media fromaccountability from their human rights abuses and environmental destruction worldwide."
The hacking is reportedly part of the #OpCanary campaign launchedby Anonymous several years ago against international resource firms, and recentlyrelaunched to generate more public interest in the campaign, Hackread reported March 28.
The hacking of BC Gold follows the June 2015 hacking of , with hackers underthe moniker of Angels_of_Truth claiming to have accessed Detour's employee and corporatedatabases and compromising employees' personal information, including dates of birth,salary records and social insurance numbers.
Hacking now qualifies as a major risk for international resourcecompanies, Ernst & Young concluded in its report detailing business risks forresource companies in 2015-2016.
"Cyber-hacking has become more widespread and sophisticated,with cyber-attacks being a common issue across the mining and metals sector regardlessof size or sale," the report said.
An increased internal threat and intensified budget pressuresare leaving many companies open to cyber risk, with 44% of companies polled havingno real-time insight into cyber risks, 46% of companies not having a security operationscenter and 42% of firms not having a threat intelligence program.
Australia's mining industry has also felt the pressure of a growingsusceptibility to hacking attacks. In Australia, the New South Wales Departmentof Industry, Resources and Energy had one of its regional offices attacked by hackerslooking to access private commercial information, Australian Mining reported March 30.
Particularly worrisome is the convergence of IT and operationstechnology, as an IT breach would allow hackers access to operational systems atprojects, which often are not designed to contain security measures to prevent unauthorizedaccess.
The threat of hacking increases when there are business changesafoot, Montreal-based internet security expert Terry Cutler told SNL Metals &Mining on March 30.
"Whenever there are acquisitions or layoffs, that's whenmost companies are vulnerable," Cutler said. "Accounts aren't being deactivated,systems aren't being maintained. While this is happening, hackers have a windowof time to attack these systems."
Security breaches can have serious financial effects on a company,Cutler warned.
"A breach can bankrupt the company, if it accesses all detailson vendors, pricing. If that's open, competitors can get this information."
Hackers can easily identify weak systems and vulnerabilitiesvia a tool called Shodan, which allows users to search for all devices and systemsconnected to the internet. Shodan allows hackers to identify security weaknesseswithout even accessing the particular site themselves, Cutler notes.
"It's very difficult to protect against Shodan," Cutlersays. "Doing so can potentially cut off service [on the website] for legitimateusers."
The growth in the number of activist groups like Anonymous thatpossess hacking capabilities is another reason why mining firms must take the threatseriously.
Yet companies often fail to realize the importance of protectingagainst data breaches from hackers — largely because financial fallout from databreaches have failed to materialize in most cases, Avner Levin, director of RyersonUniversity's Privacy & Cyber Crime Institute in Toronto, told SNL on March 30.
"It doesn't impact the bottom line," Levin said, toexplain why awareness still lags about cyber threats. "I think at the end ofthe day, a publicly traded company looks at its stocks and says, 'Has [a data breach]damaged this?' We haven't seen in Canada hacking incidents that resulted in financialdamage to corporations, despite the negative publicity."
The mining industry's well-documented generational alignment— with the older generation still very much in charge while younger, more technology-literateworkers are in short supply — is compounding the difficulty in raising awarenessof tech threats.
"I think the older generation of executives is used to somelegacy systems and the whole thing of hacking, online interactions and social media— those things are very foreign to them. It's not a part of their daily life,"Levin said.
"They have the mentality of 'no one's going to attack me,'"Cutler said. "They're so far behind the time, and don't get the impact of cyberintrusion because they think it won't impact their real world. But in fact, it does."
Industries are looking to the federal government to take a leadershiprole in addressing hacking, Levin said.
"They want the federal government to step up and play aleadership role, and establish a clearinghouse for people to disclose, with somelegal immunity, their vulnerabilities, trade war stories, and learn from each other,"Levin said.
In the meantime, companies can take several measures to minimizethe risk of hacking and illegal authorization by rogue groups, Cutler said.
"The thing with security is that it's never 100% secure,and there's no silver bullet. The goal is to make it as hard as possible."
Cutler recommends conducting an intrusion or penetration teston company systems to detect vulnerabilities and address the issue before hackersidentify it and wreak havoc on systems.
Ernst & Young recommends that boards of mining companiesmake information security a priority, while assessing current systems for vulnerabilitiesand creating a response protocol to prepare for a hack attack.