Risk managers in South Africa must suffer from perpetual headaches these days. There is a long list of risk management priorities to be constantly monitored. These include variable water and electricity supplies, physical crime, bribes and corruption, climate change, political instability, civil unrest – the list goes on.
The recent hack into state-owned rail and port company Transnet is an alarming reminder of how cybersecurity has made its way to the top of the list. The details are naturally sketchy. But the threat was serious enough to take the company offline for more than a week and for Transnet to invoke the force majeure clause on its contracts.
Ransomware attacks are the fastest growing form of cybercrime in the world. They occur through malware infiltration of a computer or network. The goal is to limit or restrict access to critical data by encrypting files – effectively locking them – until a ransom is paid.
There is a ransomware attack every 11 seconds worldwide. That’s pretty much every time you finish reading one of these paragraphs. The average downtime after each attack is 21 days. It depends on whether the ransom is paid or not. Ransoms are much maligned in public, but systematically paid in private.
As with all forms of attack, these efforts span a spectrum of sophistication: from crude brute force to the most complex and carefully orchestrated.
This is not just a South African problem. But it does raise the question: how vulnerable is South Africa to cyber attacks?
The alarming increase in ransomware attacks means that many public and private sector companies are just a click away from disaster. The Transnet cyber attack should sound a wake-up call to companies that have been slow to strengthen their cybersecurity systems.
A story of two titles
Criminal syndicates usually target the big fish for large ransoms. In South Africa, this includes large listed companies and state-owned enterprises, such as Transnet. Listed companies tend to be professionally managed, with risk committees dealing with cybersecurity risks on a regular basis. These committees regularly adopt the best mitigation measures such as a special focus on managed services, vulnerability assessments and contingency plans.
State-owned enterprises are another matter. Like their poor performance record, the precautionary measures they implement are far from reassuring, as evidenced by the number of breaches and the reliability of systems such as those used for vehicle registrations.
In many cases, the technology systems of state-owned enterprises are poorly designed and poorly managed. Skill and capacity levels are also low, and motivation for management in this space is a constant challenge. They are generally based on archaic security systems and practices.
What makes matters worse is that most SOEs are served by the National Information Technology Agency, making it a potentially dangerous single point of failure. Additionally, the agency has faced a number of very public operational challenges over the years, effectively waving a sign to attackers saying, “We are vulnerable.”
An ever greater risk
Listed companies and state-owned enterprises face an increasing risk of cyber attacks due to their growing reliance on digital transactions. An attack can lead to:
- the loss of data and access to processes that are integral to business operations;
- theft of intellectual property and trade secrets;
- damage to reputation; and
- significant financial losses.
For South African businesses, the threat is twofold. First, there is the direct threat of a cyber attack that will affect their data integrity and business functions. Second, there is the indirect threat resulting from the disruption of supply chains.
This is exactly what happened with the Transnet cyberattack. Companies found themselves unable to move their goods in and out of the country.
Transnet’s port terminals division ended up declaring a force majeure event at the main port terminals in South Africa, including Durban on the east coast, Ngqura and Gqeberha on the south-east coast, and Cape Town in the south. The Port of Durban alone handles more than half of the country’s container shipments.
Major players, from logistics to exporters and retailers, have come forward highlighting disruptions in their industry for several days. This has dealt a huge blow to an already struggling economy.
The Transnet cyberattack draws attention to other vulnerable strategic points in the country. One shudders to think of the potential impact of a major attack on the power company Eskom affecting an electricity supply already under pressure, or on the country’s oil and gas pipelines and refineries.
DarkSide’s recent attack on Colonial Pipeline in the United States resulted in fuel rationing and some gas stations running dry.
An attack on the South African tax administration could cripple public finances. And if the telecommunications towers were targeted, the channels connecting colleagues and relatives would be cut.
Anything that disrupts air traffic control systems could have horrific consequences.
The best precautions are often simple
A recent survey by cybersecurity firm Varonis suggested that 37% of all businesses have been the victim of a ransomware attack at some point.
COVID-19 has exacerbated this situation as attackers take advantage of sectors in crisis – by one measure, malicious emails have increased 600% since the start of the pandemic.
Cyber security threats are now a fact of life; we have to learn to live with the risk, but also to mitigate it.
The best precautions are often surprisingly simple:
- limit access rights to only those people for whom access is absolutely necessary;
- set up observability tools for permanent monitoring;
- back up data as often as possible;
- closely monitor remote access;
- avoid single points of failure that can compromise an entire system; and,
- revise the naming of key systems and files to make the job of potential hackers a little more difficult – naming a folder “important files” or “client master file” is just asking for trouble.
Cyber security has been important for decades, but in recent years it has quickly taken center stage. Businesses, organizations and governments will need to invest more resources, including time.
As our world becomes increasingly intertwined with technology, the importance of managing this risk pushes it to the top of the long list of management priorities. Ignore it at your own peril.
Herman Singh, Associate Professor at the Graduate School of Business, University of Cape Town
This article is republished from The Conversation under a Creative Commons license. Read the original article.