Cyberattack on World’s Largest Silver Producer Shows Data Is the New Gold

Fresnillo

Effective cybersecurity programs are critical for today’s traditional industries, where IT spending is low and historically deprioritized relative to other initiatives.

As these industries undergo digital transformation, bad actors frequently wait in the wings to strike. Ensuring operational resiliency in the face of an increasingly sophisticated threat landscape is top of mind for businesses across industries as disparate as finance and logistics.

News broke Tuesday (July 30) that Fresnillo, the world’s largest silver producer and a top global producer of gold, copper and zinc, suffered a cyberattack resulting in attackers gaining access to system-level data.

The mining giant’s filing stated it was “the subject of a cybersecurity incident which has resulted in unauthorized access to certain IT systems and data.”

“All business units continue their activities, and no material operational or financial impact has been experienced or is foreseen,” Fresnillo added in the filing. “This will be assessed on an ongoing basis until the situation is resolved.”

The cyberattack underscores the growing challenges global companies face in protecting their data and other assets against cyber threats and international criminal groups, whose reach continues to grow.

Read also: Firms Look to Mitigate Consequences From Data Breaches

Major Cyberattacks Expose Key Enterprise Security Weaknesses

2024 is shaping up to be the year of the cyberattack. According to the PYMNTS Intelligence report “Fraud Management in Online Transactions,” 82% of large merchants have reported data and cyber breaches over the past year.

From CrowdStrike’s Microsoft outage to AT&T and beyond, industries around the world are facing an uptick in cybersecurity incidents, with several high-profile incidents happening in recent months.

“The barrier for entry has never been lower for threat actors,” Sunil Mallik, chief information security officer at Discover® Global Network, told PYMNTS this month, noting that the cost of computing power has decreased dramatically over the past decade, making it easier for criminals to access tools and launch attacks.

It was reported in July that a confidential assessment by the Office of the Comptroller of the Currency (OCC) said 11 of the 22 large banks it oversees have “insufficient” or “weak” management of so-called operational risk, whether that means cyberattacks or mistakes by employees.

Cybercriminals are increasingly targeting the data businesses collect on customers and operations for several reasons. Personal and financial information, such as credit card numbers, bank account details and Social Security numbers, can be sold on the dark web or used for identity theft and fraud. Cybercriminals can also use this data to make unauthorized transactions or take over accounts.

“If you think about what bad guys are doing, they are putting together a picture of us — and using that information to figure out new ways to trick us,” Intellicheck CEO Bryan Lewis told PYMNTS last month, drawing a parallel between the motive behind data breaches and the game of Clue, noting that by assembling various pieces of data and “asking questions,” cybercriminals can identify and exploit vulnerabilities, leading to social engineering attacks.

See also: Fresh Wave of Major Cyberattacks Exposes Key Enterprise Security Weaknesses

Data Exists to Be Accessed, Making Protecting It a Challenge

With data breaches such as the one affecting over 100 million AT&T customers, understanding what criminals can construe from stolen data and embracing best practices for protecting sensitive information are now table stakes for businesses.

“It is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity,” Michael Shearer, chief solutions officer at Hawk AI, told PYMNTS in February. “What’s different now is that both sides are armed with some really impressive technology.”

PYMNTS Intelligence found that 63% of chief financial officers reported using some level of specialized automation for fraud prevention in the last six months.

“Everyone has been dealing with cybersecurity for a long time,” XiFin Chief Financial Officer Erik Sallee told PYMNTS in June. “There’s no way around it other than blocking and tackling, doing the right thing every day keeping all your systems up to date, making sure you’re working with good vendors and investing in it. It’s a cost-avoidance type of investment, but it’s one you have to understand, and you can’t short-shift it.”

Many of the fundamental challenges for organizations looking to maintain data security result from the sheer volume of an organization’s data, the many ways users can access the data (on-site versus remote, computer versus mobile device), and the potential for the compromise of valid user credentials being used by unauthorized users.

But, in today’s data-driven world, organizations must prioritize cybersecurity as part of their business risk management strategy.