Mining today with EY – Episode 9:

Cybersecurity key trends and best practices to manage cyber risk in mining and metals

Hear more from our industry advisors on the cybersecurity trends and best practices in mining and metals.

Featuring:
Juan Valbuena
EY Canada Cybersecurity Mining Leader

with:
Theo Yameogo
EY Americas Mining & Metals Leader, EY Canada Mining & Metals Leader

  • Transcript

    Theo Yameogo: Welcome, Juan. I'm looking forward to our conversation on the latest trends of cybersecurity in mining and metals given that you are our national cybersecurity leader for the sector.

    Juan Valbuena: Thank you, Theo, for having me. I look forward to our conversation.

    Theo Yameogo: Let's get right into it. Recently, we've seen a lot of cyberattacks in mining organizations. What seems to be the trend behind this?

    Juan Valbuena: Well, Theo, that's right. We have seen a few mining companies falling victim to cyberattacks in the last few months. I’m not surprised. The level of threat activity that we have seen in the past two years has been significant. And one of the main reasons behind this is the global conflict. Pro-Russia threat actors have been actively and consistently trying to breach organizations in the West.

    Unfortunately, they have succeeded so many times. But we cannot forget the fact that cybercrime is a very lucrative business. It is very cheap and easy to execute and is low risk. So, we will continue seeing this level of threat activity. Threat actors will be more creative in the way that they can manage to infiltrate organizations. And for mining organizations, they need to keep focus on improving the program or maturing the program in a way that they can manage the risk for any cyberattack.

    Theo Yameogo: That's very interesting, Juan. Cybersecurity leaders in organizations are called CISO, Chief Information Security Officers. And you were in such a role recently at a mining company. Now, when you take that experience, and you merge it with all the client discussions you've been having, how would you define the challenges of the CISO in a mining environment?

    Juan Valbuena: That's a great question, Theo. Thank you. So, we have to step back, understand a bit more the goal of a CISO in transforming the organization to become more resilient against cyberattacks. And by that, I mean the organization to be able to predict, withstand and respond to a cyberattack in a timely manner. The challenge for the CISO is the fact that they have to manage the risk to the OT environment, which normally is more vulnerable.

    By OT, I mean all the different components that will support the mining and the productions in mining sites. So, what is important here is that the CISO should have a very clear and open communication with the COO and the OT teams and leadership to be able to, together, come up with the right sort of solutions, security technology, to be able to help identify potential threats within the environment and be able to establish the practices around managing identity and other aspects of cyber to be able to mitigate the risk in these environments.

    Theo Yameogo: After hearing your description of what the CISO does and what are the challenges, would you say that nowadays a mining company not having a CISO is really not acceptable?

    Juan Valbuena: I think it's important for organizations today to realize that they need somebody who can guide them and lead them through understanding how they need to manage the cyber risk in the organization. This is no longer an IT problem. It's a business problem. So, it’s definitely something that they need to put somebody in place to drive the program.

    Theo Yameogo: Now, for a case where we have somebody in place and there's a cyberattack that is happening, how is the CISO working to respond and recover from such an attack?

    Juan Valbuena: I think hopefully before that happens, the CISO would have had the opportunity to work with business leaders and develop a plan to be able to respond to a cyberattack in a timely manner. It’s very key for the CISO to spend time with senior management and the different business leaders and educate them in terms of what are the dynamics of a cyberattack, and what decisions they need to make throughout the process.

    So, at the end they will know what to do if that happens.

    Theo Yameogo: Okay.

    Juan Valbuena: The CISO also needs to kind of work with different teams in the organization to start developing more detailed procedures, especially those teams that support infrastructure or critical service applications where they may need to recover data or technology components in different places. They need to know what to do. So, the CISO will facilitate the development of those playbooks.

    Theo Yameogo: As a sector, we talk a lot about digital transformation, which is cyber space, literally. So how would the CISO work with the rest of the business leaders in this new environment to make sure that we're not open for more complexities?

    Juan Valbuena: Yeah, that's a great question, Theo, thank you. I think as we go into this kind of evolution in the mining industry, trying to maximize profits and reduce costs and make more use of information, we are going to need to start integrating more the OT and the IT environment. But that, in a way, is creating problems for the system; it’s changing the risk profile of the organization, as traditionally OT environments are more vulnerable because they are more difficult to keep updated, or they cannot really be changed because the applications on top of it don’t work.

    So that's where, as we are seeing this trend of moving more towards a more digital mind, it’s important for the CISO to become a central part of those conversations. Every single project or every big operational investment should go through in collaboration with security in a way that we can help from the security perspective, help the business to make decisions around the potential risk for the organization or what else we have to do around those new projects or the new initiatives to be able to manage the risk.

    What is important here is the collaboration that needs to exist between the COO, OT leaders, executive management, and cybersecurity to be able to have an effective digital journey.

    Theo Yameogo: Thanks, Juan, for joining me today and sharing your insights and cybersecurity best practices in mining and metals.

    Juan Valbuena: Thank you, Theo, for having me. It was a great conversation. I really enjoyed it. Thank you.
