+61-2-9434-5000
Contact Us

Mining, Quarrying, and Oil & Gas Extraction + Utilities
NAICS 21+22

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Submit View only

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

  • Frequency

    		  

    2,337 incidents, 338 with confirmed data disclosure

    Top patterns

    		  

    System Intrusion, Basic Web Application Attacks, and Social Engineering represent 88% of breaches

    Threat actors

    		  

    External (96%), Internal (4%) (breaches)

    Actor motives

    		  

    Financial (88%), Espionage (11%), Grudge (1%), Secondary (1%) (breaches)

    Data compromised

    		  

    Personal (58%), Credentials (40%), Other (36%), Internal (14%) (breaches)

    Top IG1 protective controls

    		  

    Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)

    What is the same?

    		  

    This industry continues to be targeted by financially motivated actors as well as actors committing espionage.

    Summary

    		  

    The Mining and Utilities industry faces similar types of attacks as other industries such as those targeting credentials and leveraging Ransomware, but in addition has a high rate of social engineering attacks like Phishing.

  • Patterns

    		  

    5-Year difference

    		  

    3-Year difference

    Basic Web Application Attacks

    		  

    No change

    		  

    No change

    Social Engineering

    		  

    No change

    		  

    No change

    System Intrusion

    		  

    No change

    		  

    No change

  • Pattern

    		  

    Difference with peers

    		  

     

    Social Engineering

    		  

    Greater

    		  

     

    System Intrusion

    		  

    Less

    		  

     

    Basic Web Application Attacks

    		  

    Less

    		  

     

  • Mining, Quarrying, and Oil & Gas Extraction + Utilities (or MQOGEU as we like to say) simply rolls off the tongue. It is an interesting “combined” industry that has had a high number of engineers. This is perhaps fitting as it seems to be under barrage from the other form of “engineers” –the Social Engineers. This industry has had a higher rate of Social Engineering breaches than their peers.

  • And it shows, as more than 60% of all breaches are Phishing (Figure d930713), followed by stolen credentials (potentially gathered by Phishing) and Ransomware (potentially tangential to Phishing). Given the key importance of this industry to our everyday well-being, we certainly hope that those credentials aren’t the only thing keeping our utilities and mining operations safe, especially since that’s one of the most commonly breached data types.

    Considering the high prevalence of Phishing and credential attacks, it’s not too surprising to have Email servers as this industry’s most commonly breached asset, followed by Web applications and Desktops. Even though the infrastructure that runs these complex systems isn’t traditional IT infrastructure, the company can still be exposed to the very same threats as any other organization.

Let's get started.