In July, state-owned ports company Transnet fell victim to hackers. The cyber attack essentially paralysed the SOE, with the ports operator having to declare a force majeure. Container terminals and cargo control had to be switched over to manual processing, creating obvious delays. The company, according to Bloomberg, had been targeted with “a strain of ransomware that cybersecurity experts have linked to a series of high-profile data breaches”, most likely carried out by gangs from Russia and Eastern Europe. The hackers left instructions on Transnet computers, with a note directing Transnet to visit a chat portal situated on the dark web “to enter negotiations.” Herman Singh of the University of Cape Town asks, in light of this recent event, just how vulnerable SA is to cyber attacks? “Cyber-security has been important for decades, but over the last few years it has quickly moved to centre stage. Businesses, organisations and governments will have to invest more resources in it, including time.” – Jarryd Neves
South African enterprises can’t ignore the risk of cyber attacks: the threat is on the rise
By Herman Singh*
Risk managers in South Africa must suffer perpetual headaches these days. There is a crammed list of risk management priorities to constantly monitor. These include variable water and electricity supply, physical crime, bribery and corruption, climate change, political instability, civil unrest – the list goes on.
The recent hack at the state-owned rail and ports company Transnet is an alarming reminder of how cyber security has elbowed its way near the top of the list. Details are understandably sketchy. But the threat was serious enough to take the firm offline for over a week and for Transnet to invoke the force majeure clause on its contracts.
Ransomware attacks are the fastest growing form of cybercrime in the world. They happen through the infiltration by malicious software of a computer or network. The aim is to limit or restrict access to critical data by encrypting files – effectively locking them – until a ransom is paid.
There is one ransomware attack every 11 seconds globally. That’s roughly each time you finish reading one of these paragraphs. The average downtime after each attack is 21 days. This depends on whether the ransom is paid or not. Ransoms are much maligned in public, but routinely paid in private.
As with all forms of attack, these efforts range on a spectrum of sophistication: from blunt brute force to highly complex and carefully orchestrated.
This is not a uniquely South African problem. However, it does raise the question: how vulnerable is South Africa to cyber-attacks?
The alarming rise in ransomware attacks means that many state-owned enterprises and private sector firms are only one click away from disaster. The Transnet cyber-attack should sound a warning bell to enterprises that have been slow to beef up their cyber-security systems.
A tale of two securities
Criminal syndicates generally target big fish to secure sizeable ransom payments. In South Africa, this includes large, listed companies and state-owned enterprises, like Transnet. Listed companies tend to be professionally managed, with risk committees routinely addressing cyber-security risks. These committees regularly adopt best of breed mitigation measures such as a special focus on managed services, vulnerability assessments, and contingency plans.
State-owned enterprises are another matter. Like their pitiful performance track record, the precautionary measures they implement are less than reassuring as evidenced by the number of breaches and the reliability of systems such as the systems used for vehicle registrations
In many cases, the technology systems of state-owned enterprises are poorly designed and managed. Skills levels and capacity are also low, and motivation for management in this space is a constant challenge. They are generally reliant on archaic systems and security practices.
What makes matters worse is that most state-owned enterprises are serviced by the State Information Technology Agency , making it a potentially dangerous single point of failure. Moreover, the agency has been experiencing a number of very public operational challenges over the years, effectively holding up a sign to attackers saying: “We are vulnerable”.
An ever-growing risk
Both listed companies and state-owned enterprises face an ever-growing risk from cyber attacks because of their increasing reliance on digital transactions. An attack can result:
- in the loss of data and access to processes integral to businesses operations;
- stolen intellectual property and trade secrets;
- reputational damage; and
- substantial financial losses.
For South African businesses, the threat is two-fold. First, there is the direct threat of cyber-attack which will affect their own data integrity and business functions. Second, there is the indirect threat arising from the disruption of logistics chains.
That’s exactly what happened with the Transnet cyber attack. Businesses found themselves not being able to move their goods in and out of the country.
Transnet’s Port Terminals Division ended up declaring force majeure at South Africa’s major port terminals, including Durban on the east coast, on the south east coast Ngqura, Gqeberha and in the south Cape Town. The Durban port alone handles more than half of the nation’s container shipments..
Major players, from logistics, to exporters and retailers,came forward highlighting disruptions to their industrieslasting several days. This delivered a substantial blow to an already struggling economy.
The Transnet cyber-attack draws attention to the other vulnerable strategic points in the country. One shudders to think of the potential impact of a major attack on the power utility Eskom affecting an already pressured electricity supply, or to the country’s oil and gas pipelines and refineries.
The recent attack by Darkside on the Colonial pipelines in the US resulted in fuel rationing and some fuel stations running dry.
An attack on the South African Revenue Service could cripple public finances. And should telecommunication towers be targeted, channels connecting colleagues and loved ones would be cut.
Anything disrupting air traffic control systems could have horrifying consequences.
Best precautions are often simple
A recent survey from the cybersecurity company Varonis suggested that 37% of all firms have been victims of a ransomware attack at some point.
COVID-19 has exacerbated this as attackers take advantage of sectors in crisis – according to one measure, malicious emails are up vy 600% since the start of the pandemic.
Threats to cyber security are now a factor of life; we need to learn to live with, but mitigate, the risk.
This best precautions are often surprisingly simple:
- limiting access rights to only those people absolutely required;
- implementing observability tools for constant monitoring;
- backing up data as often as possible;
- closely monitoring remote access;
- avoiding single points of failure that can compromise an entire system; and,
- reviewing the naming of key systems and files to make the job of potential hackers that little bit more difficult – naming a folder “Important files” or “Customer master-file “is just asking for trouble.
Cyber-security has been important for decades, but over the last few years it has quickly moved to centre stage. Businesses, organisations and governments will have to invest more resources in it, including time.
As our world becomes ever more intertwined with technology, the importance of managing this risk is pushing it up the long list of management priorities. Ignore it at your peril.
- Herman Singh is an Adjunct Professor at the Graduate School of Business, University of Cape Town
- This article is republished from The Conversation under a Creative Commons license. Read the original article.
- Tip of iceberg for Transnet woes as hackers paralyse SA harbours
- Ransomware linked to Transnet cyberattack
- Transnet declares force majeure following cyber attack across SA