Mining Manufacturer Cybersecurity Review
Challenge
With decentralised operations across Tasmania, the Australian mainland and South East Asia, our client understood the need to undertake a review of ICT systems and processes to ensure the security of their data and the provision of services to their 2000 staff.
The client approached 9X5 Consulting, based on our technical knowledge of their core systems, to undertake a current-state review and make recommendations relating to their technology and processes.
Solution
9X5 Consulting undertook a current-state review of all systems, data handling processes and device management tools to create a current-state assessment document. This document was submitted back to the ICT management team, who approved its validity.
With the current state understood, we then wrote a recommendations guide for the client, based on the Essential 8 and NIST cybersecurity frameworks, and broke the issues down into 5 major categories:
- Identify: Develop an organisational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
- Protect: Develop and implement appropriate safeguards to ensure delivery of critical services.
- Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
- Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
- Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Our recommendations guide outlined a range of system and process enhancements.
Impact
Our recommendations guide focused on both technology and policy changes including:
- Recommended security changes for key systems including their CRM. This included implementing 2-factor authentication for all systems containing client data.
- HR policy changes, including background checks for all new employees and disposal of non-essential personal data.
- Security Awareness Training for all staff.
The client has taken these recommendations to the board and is now working with us to implement the changes across their business.
Client Overview
A leading manufacturer of quality products for the global underground and surface mining industries, this company is an authorised Caterpillar OEM.
Based in Tasmania, Australia, with operations spread across South East Asia, the organisation has grown significantly over its more than 45 years in the industry.