Expert comment: WithSecure - On the recent Rio Tinto hack
March 2023 by Paul Brucciani Cyber Security Advisor at WithSecure
Following the news that former and current Australian employees of Rio Tinto may have had Personal data stolen by a cybercriminal group, Paul Brucciani Cyber Security Advisor at WithSecure explain:
Mining companies operate in far flung parts of the world where just to maintain communications is an achievement that swallows up many more IT resources than maintaining a network in a city office location. Security has less to work with. An additional challenge for companies like RT is that their employees expect unfettered access to the internet if they are expected to spend weeks and months working in the bush. Training employees in these environments to be wise online is also hard. These challenges raise significantly the risk of a breach. The question is not ‘why did this happen?’ but ‘why has it not happened, sooner’. All eyes will be on how RT demonstrates a duty of care to its employees by the way it handles the breach.
The most cost-effective way to be resilient is to plan and practice how you would respond to a security breach. Companies that are perceived by their shareholders to have recovered well from an incident can enhance their careers. The converse is true for those that can’t.”