Cyber hit a red flag to SA firms, ‘Learn lesson from Transnet breach’

DURBAN – WHILE the full impact of last week’s cyberattack on Transnet remained unknown yesterday, experts have warned that the consequences of the growing new crime trend could be severe.

It could result in financial losses, reputational damage or the complete loss of systems, said Junaid Amra, PwC forensics technology solutions leader.

Transnet said last week that it had “identified and isolated” the source of disruptions to its IT systems, adding that technical teams continued to minimise the impact. The company said it was prioritising the export of reefer containers (cold storage), primarily through the Durban port, given the citrus season.

After the attack, loading and unloading operations had to be handled manually at the ports in Durban, Richards Bay, Eastern Cape and the Western Cape.

Malcolm Hartwell, master mariner and director at Norton Rose Fulbright SA, said the cyberattack had affected Transnet’s cargo handling and monitoring system.

“This prevented trains and ships being loaded and unloaded with containers, and brought terminal operations to a halt. This is a new and constant threat to the world’s logistics’ networks, which rely heavily on automated computer systems,” said Hartwell. “We saw this with the breach of Maersk’s systems a few years ago that brought the carrier to a halt for five days, and in the recent attacks on ports in Iran and the UAE.

“Norton Rose Fulbright has established a dedicated cyber team to respond to incidents like these that affect not only shipping, port operations and logistics networks, but any business such as financial institutions that rely on the increasing interconnectedness between businesses and their trade partners.”

Hartwell also warned ship owners: “Ships are particularly vulnerable to cyberattacks as they rely on computers for everything from navigation to engine control; so (they) are vulnerable to being taken over and run aground or into another vessel. Such an act, if defined as terrorism, would be excluded from cover by the War Risks exclusion. Ship owners have accordingly been advised to ensure that their systems are protected from cyberattacks. “The attack (on Transnet) … does highlight the importance of cyber security and insurance for any business involved in logistics and shipping.”

Amra said cybercrime would usually involve, among other things, electronic funds transfer (EFT) fraud, breaches of email systems to aid EFT fraud or other forms of fraud, ransomware attacks and the targeting of online stores, which increased during Covid-19 pandemic.

“During the pandemic, there has been an increase in ransomware attacks, this is where attackers infiltrate an organisation, exfiltrate data that can be used to hold the organisation to ransom, and then on a given day activate ransomware that was placed on the network. Sophisticated attackers focus on server infrastructure and, as a result, organisations could find themselves in a position where none of their systems are available after the attack.

“Overall there is no silver bullet in terms of protecting against cyberattacks. Organisations do, however, need to have a well designed, implementable cyber strategy. In addition, organisations need to have robust incident response processes to ensure that when something does occur, the incident handling and recovery processes are managed in a manner that reduces business disruption and exposure,” said Amra.

In a recent statement, Webber Wentzel attorneys welcomed the fact that the Cybercrimes Act 19 of 2020 had been signed into law by President Cyril Ramaphosa.

“(The law) criminalises various types of cybercrimes, including illegally accessing a computer system or intercepting data, cyber fraud, unlawfully acquiring a password or access code, cyber extortion, and theft of incorporeal (intangible) property,” the firm said.

Courts would also have the power to try people who are not local citizens, as well as those who commit crimes in other countries, where that had affected a person or business inside the country.

Source link

Sign up for our daily Maritme Cyber Analysis and Threat Intelligence news.