The ransomware attack on July 22 of Transnet Port Terminals made headlines and disrupted operations in several container terminals, as well as the cargo movement in South African ports.
In Cape Town’s harbour the container terminal stopped functioning and port authorities had to manually record the freight of incoming and outgoing vessels. In Durban’s port, which handles about 60 percent of container traffic, the cyberattack created severe logistical congestion. Transnet are not openly sharing details, but apparently they are still struggling to rebuild the Navis container operating system after the ransomware attack. This whole episode has cost them millions – not only for the rebuilding of the system, but also customers seeking compensation for losses before they declared a force majeure.
The longer-term effect of the disruption is even more damaging. Transnet and South Africa could not really afford a prolonged crisis or a slowdown in port operations after the debilitating politically-driven unrest in July 2021 that paralysed port operations in Durban and Richards Bay. The disruptions caused considerable damage to the South African economy.
Similarly, cyberattacks inflicted serious financial losses across the government, as well as the manufacturing, banking and energy sectors. The Department of Justice and Constitutional Development experienced an incapacitating ransomware attack encrypting and closing down all its electronic systems during September 2021 affecting the running of the courts, the Master’s office, maintenance payments and also compromised 1200 personal files. The National School of Government (NSG) also became a victim of ransomware when R2 million were demanded to decrypt their files. Due to a lack of budget, it resulted in two months that they could not use their system.
South Africa is among the world’s biggest targets of cybercrime and falls in the top 30 countries in the world to be targeted by malware attacks, costing the country about R2.2 billion per year. The attractiveness of South Africa as a cybercrime target can probably be attributed to the country’s well-developed financial and technology infrastructure. The recent cyberattacks illustrated how vulnerable South Africa is to cybercriminals and ransomware attacks, which pose a major threat to our economy.
Just like many other technologies, cybersecurity is evolving at an exponential pace. This can partly be ascribed to a constant stream of new technologies and new threats. In fact, cybercriminals and malevolent hackers trying to illegally access computer systems and valuable data, have increased during the pandemic according to a report published in November 2021 by McAfee and FireEye, titled “Cybercrime in a pandemic world: The impact of Covid-19.” During the pandemic, 81 percent of global organisations experienced an increase in cyber threats, while 79 percent experienced costly downtime due to a cyber incident mostly during peak season when they are more vulnerable due to increased consumer and business activity. Organisations should therefore urgently prioritise and reinforce their cybersecurity architecture, especially in the light of the coming peak holiday season and increased consumer demands.
With e-commerce and online shopping that increased significantly during the pandemic and eventually led to numerous store closures worldwide, the online industry is faced with more cyber threats than ever before. Threats typically include compromised payment credentials and cloud storage attacks. Mimecast also found a major increase of 75 percent in email-borne attacks, that are becoming increasingly sophisticated. These included phishing and brand impersonation attacks.
Unfortunately, although cyber threats increased and intensified, most organisations have not effectively prioritised cybersecurity. Although 60 percent saw an increase in online and web activity and 56 percent suffered costly downtime due to a cyber concern, 97 percent of organisations believe they do not give enough attention to cybersecurity.
In addition, the McAfee and FireEye report revealed that 33 percent of organisations had their technology and security budgets reduced during these times of increased cyber threats. Seventy-six percent of companies also find it difficult to maintain a fully staffed security team and security operations centre (SOC) during peak periods – especially due to the scarcity of staff with cybersecurity qualifications and skills in South Africa.
Addressing the threats
Organisations will have to become proactive and implement security measures and industry-wide cybersecurity requirements to protect against the newest cyber threats, especially those that are known to target specific industries. Various specialised tools are available to SOC teams, while several new software as a service (SaaS) offerings assist organisations to address the latest threats. There are even excellent solutions to secure and connect work-from-home employees, vulnerabilities often exploited by cybercriminals. It works according to the principle that each device or user should earn the trust to get access to the network, also referred to as a Zero Trust Network.
Organisations will also have to create a cybersecurity awareness culture among employees through training, thus making them aware of increased phishing emails, texts, and suspicious uniform resource locator (URL) campaigns to breach organisational security. It is important that organisations further develop extensive incident prevention and response plans that enable them to respond and remedy a security breach in minutes rather than hours.
In particular, organisations will have to focus on the possible interruption of supply chains by identifying risks timeously, understand the potential downstream effects of a cyberattack, and prepare proper response plans to enable them to act quickly and decisively in the event of an incident.
However, the growing number of security tools bring its own complexity, often exacerbated by the ongoing cybersecurity skill shortage of about three million cybersecurity professionals in South Africa and the rest of the world, thus hampering the management of security environments and the numerous security tools.
This is one of the major reasons for the increasing adoption of artificial intelligence (AI) within security arrangements. AI is particularly valuable when integrated into the organisation’s broader security ecosystem and assuming some of the complexities of human behaviour.
Cyberattacks are on the rise and increasingly damaging. We can therefore not be careful enough since cybercriminals seem to always find new ways to circumvent even the most robust security measures. An intelligent security architecture is needed to manage today’s sophisticated threat landscape. Furthermore, a proactive security team, robust processes, and effective technology are needed to counter the elevated threats of today.
According to Gartner, by the year 2025, 60 percent of organisations will use the calculated cybersecurity risk as the primary determinant in conducting any third-party transactions and business engagements. If an organisation does not have proper security they may find it increasingly difficult to conduct business in this new cybercrime pandemic.
Professor Louis CH Fourie is a Technology Strategist
*The views expressed here are not necessarily those of IOL or of title sites.
BUSINESS REPORT ONLINE