Data stolen from a cyber attack on a large industrial company such as Stelco could be worth millions of dollars to hackers, according to an Oakville-based cyber security expert.
Data breaches could provide hackers with customer lists, employee lists, pricing data, supplier information and contract details that would be valuable for competitors, said Manoj Arora, CEO of Difenda, a cyber security company that deals with mining and manufacturing companies.
“That information is worth millions of dollars when sold to the right buyer,” Arora said.
“If I’m a Stelco competitor and someone comes to me saying ‘I have this data, I know the prices they’re selling at, I know the terms of the contracts,’ I might be willing to buy it for $10 million or $5 million or $1 million.”
Arora said he was speaking generally about cyber attacks and not speaking about Stelco specifically.
The Hamilton steelmaker revealed earlier this week it was the victim of a “criminal cybersecurity attack on our systems.” The company stated it will work with law enforcement to investigate the attack further.
“The countermeasures taken were effective and limited the scope of the attack,” the company stated in a release. “Certain operations, including steel production, were temporarily suspended as a precautionary measure but have since resumed operations.
The company stated some representatives don’t currently have access to their computer and their corporate emails.
“We are working with industry-leading cyber security specialists and other advisers to re-establish our systems and restore our business functions, however, as we implement our recovery plans there may be some delay in making payments to some of our business partners,” the company added.
A spokesperson for Stelco said on Friday the company had nothing further to share about the incident.
Arora said the hackers of mining and manufacturing companies are often state-sponsored criminal organizations from rogue nations.
There are three main types of cyber attacks carried out against businesses, Arora explained.
One is the use of ransomware, where data is hijacked or computer systems are locked down and will only be returned if the affected company pays a ransom in bitcoin — electronic currency that can’t be traced easily.
Arora said he’s aware of ransomware attacks where a company’s data has been stolen and encrypted. The company must pay to get the encryption keys to decode its own data and the hackers will “even have a 1-800 number to call if you’re having problems,” he said.
Another type is the simple theft of a company’s data that could be useful to competitors or for financial or employee information.
“It would basically tarnish the brand and bring the value down,” Arora said.
A third type is the hacking of a company’s operating technology so that a factory or manufacturing plant has to be shut down.
This is sometimes the method used by so-called “hacktivists,” who may want to make a political or environmental statement. A steel company’s operations could be targeted, for example, because it makes the tubular products used to build oil and gas pipelines.
Arora suggested hacktivists likely weren’t the cause of the Stelco breach because those types of attacks tend to be publicly announced ahead of time because “they’re trying to make a point.”
It’s more likely the attack was aimed at Stelco’s information technology, Arora said, and not its operating technology.
“Stelco shut it down and they were able to bring it back quickly which means (the attack) wasn’t targeted at shutting the operations down,” said Arora.
In March, the Canadian and U.S. operations of global steelmaker EVRAZ were shut down because of a ransomware attack.
And in October, Westdale Secondary School was the target of a cyber attack that disrupted online classes.