
Transnet is a cautionary tale all companies should heed

Last week Transnet, a state-owned entity that services South Africa’s rail, port and pipeline infrastructure, was hit by a “disruption in some of its IT applications”, which has put the firm in a bind.

While Transnet has been able to restore some of its IT systems as of Tuesday afternoon, the firm isn’t out of the woods yet. Thankfully, Transnet had business continuity plans in place, but the incident has disrupted import and export operations in and out of South Africa.

“It is expected that some applications may continue to run slowly over the next few days, while monitoring continues,” Transnet said on Tuesday. “All operating systems will be brought back in a staggered manner to minimise further risks and interruptions.”

What caused this disruption will remain unknown until Transnet shares more information, but to us this looks like a ransomware attack, owing to the staggered approach to bringing systems back online. Of course it could be any sort of attack, but experts seem to agree.

“I suspect this was a ransomware attack,” senior vice president of content strategy at KnowBe4 Africa, Anna Collard, tells Hypertext.

“With the United States declaring ransomware a national threat, more criminals will shift their attention towards the emerging economies and South Africa is quite attractive, because on the one hand, we have developed infrastructure, a high degree of digitisation but at the same time, not enough government capacity to defend against this on a national level,” the SVP adds.

“The concerning point is what are we going to do in South Africa if and when more of our critical infrastructure is under attack. It’s absolutely crucial that we need to collaborate and assist each other in cases like that and defend our country against this inevitable threat together,” says Collard.

How has government addressed this incident?

In a word – poorly.

In a briefing on Friday, acting minister in the presidency Khumbudzo Ntshavheni said that the “IT breach” was unrelated to the recent unrest in the country.

“Transnet is seized with activities to restore full operations and it is expected that Transnet Freight and Rail will be operational later today. Minister Pravin Gordhan together with the management of Transnet earlier today met with industry players affected by the disruption of Transnet operations to explain measures being undertaken to restore operations and prevent future attacks,” said Ntshavheni.

This is, quite frankly, not good enough. While we can’t deny that ransomware is incredibly disruptive, this is why good disaster management and incident response plans are so essential.

All companies – whether private, public or state-owned – should be preparing for the inevitability of a cyber attack and should never assume that they won’t be targeted because they are too small or not important enough to warrant attacking. Cybercriminals want anything they can get because even if they just get a few email addresses, they can sell those on to more malicious attackers to execute phishing attacks or worse.

Similar attacks have happened to larger firms including massive insurers such as Liberty and Momentum, showing that anybody can be, and likely is, a target.

“It’s not a matter of if, it’s a matter of when. Unfortunately as soon as a government organisation is compromised in this fashion it’s assumed they didn’t have appropriate security controls. However these ransomware attacks are happening to blue chip organisations with large security budgets, so no one is spared,” says co-founder and business development director at Nclose, Stephen Osler.

“We have recently seen another flurry of South African victims of the rampant ransomware attacks. According to sources some well-known ransomware victim lists there have been over 1 000 businesses compromised this year which is a massive increase from the same period of last year,” Osler adds.

We need to start taking cybersecurity more seriously in South Africa, or one day we may wake up and realise it’s too late because cybercriminals have poisoned the water supply.

It’s easy to imagine cybercriminals as bored teenagers looking for cheap thrills, but that thinking is dangerous. We know that organisations such as DarkSide operate like legitimate businesses with customer support (or would it be target support?) and malicious actors will target anything they can find.

Take your security seriously, folks; to ignore the power cybercriminals have is folly.
