Where does SA logistics stand as far as cybersecurity is concerned?

Issue 8 2022 Logistics (Industry), Security Services & Risk Management

South Africa’s logistics industry is battling a war on many fronts. Bad weather, equipment breakdowns and shortages and congestion continue to hamper the country’s ports, adding days to the supply chain and creating havoc downstream.

The conflict in Ukraine and the weakness of the rand are exacerbating the situation, with inflation skyrocketing to the detriment of consumers.

In addition, South Africa is now firmly in the cross hairs of cyber criminals. Antivirus provider Kaspersky’s research shows that ransomware attacks in South Africa doubled between January and April 2022 compared to the same period last year.

The 2021 cyberattack on Transnet was especially damaging, impacting ports, harbours and pipelines to the point that the state enterprise was forced to declare force majeure at several container terminals.

Lesiba Sebola, director of information technology at Bidvest International Logistics (BIL), says it is paramount to safeguard IT infrastructure given how central it has become to operations.

“The bottom line is the financial losses incurred. Transnet, not being able to operate their ports affects us, and obviously, if there are attacks in our own environment that necessitates downtime of the infrastructure, it would be difficult to conduct business.”

Sebola says the most prevalent form of attack is phishing, which seeks to get information from users. “You need a multifaceted approach to protecting your information. We have perimeter security, which involves firewalls, and with operating systems there is always updates you need to do, whether it is an operating system update or security update, to eliminate vulnerabilities the providers have identified.”

However, Sebola stresses that the most important aspect of cyber security is user awareness. “The majority of successful attacks happen here. If your users are not aware, it is like taking a key to your house and throwing it over the security fence for attackers to use.”

“At BIL, we have an online program where staff can learn about security and the different types of attacks: e-mail impersonations, for example. If they spot an e-mail that looks a bit suspicious, we have a special process they follow to alert us so that we can investigate. This forms part of our induction process and occurs on a quarterly basis.”

Like Sebola, Craig Rosewarne, MD of cyber security company Wolfpack Information Risk, believes everyone is at risk of cyberattacks. “You could be an individual, a non-profit, a small charity, it does not matter. The hacker does not care where the money comes from.”

“The harsh reality is that attacks cannot be prevented, but organisations can defend against them, provided they recognise the complexity of digital crimes and tackle them accordingly.”

For Sebola, this means continuously monitoring networks to establish any irregular patterns. “You have to have an incident response plan in place, but you also cannot have a prescriptive one that is generic. This plan will tell you who needs to be involved, who the contact people are, and not just from IT. You need to establish who is involved from legal, operations and the communications side, because there are various aspects that you want to consider.”

“When you have cyber insurance, part of the requirement is that you inform them of any breaches. It is important to keep logs from the IT side. Make sure you contain the attack so that you can preserve the evidence. This is important in terms of the analysis later on to prevent such a breach from happening again.”




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Background checks: risk levels and compliance
iFacts Access Control & Identity Management Security Services & Risk Management
Conducting background checks is a vital step in the hiring process for employers or when engaging service providers; however, it is crucial to understand the legal framework and regulations governing these checks.

Read more...
Federated identity orchestration
Technews Publishing SMART Security Solutions Editor's Choice Access Control & Identity Management Security Services & Risk Management AI & Data Analytics
Understanding exactly who resides at the end of a digital device is key, and simple identity number verification by the Department of Home Affairs is no longer a viable solution on its own.

Read more...
Balancing security and ease-of-use
Technews Publishing SMART Security Solutions Access Control & Identity Management Security Services & Risk Management
Fraud incidents have financial repercussions and erode consumer trust, leading businesses to become more aware, though this awareness does not necessarily translate into confidence in their identity authentication processes.

Read more...
Identity and authentication
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security Security Services & Risk Management
Identity authentication is a crucial aspect of both physical security and cybersecurity. SMART Security Solutions obtained insights into the topic and the latest developments from three companies.

Read more...
Boost revenue streams for MNOS
News & Events Security Services & Risk Management Financial (Industry)
ReveNet has introduced its new solution, designed to safeguard and potentially boost revenue streams in an increasingly challenging landscape for MNOS. The new platform combines advanced analytics and is built on trust, transparency, and sustainability principles.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...
Partnership addresses fire hazard mitigation
Brigit Fire (a Division of Hudaco Trading) Elvey Security Technologies Fire & Safety Security Services & Risk Management
Brigit Fire has partnered with the Elvey Group. The collaboration will see Brigit Fire distributing both the advanced C-TEC addressable fire detection systems (CAST Technology) and GreenMist lithium extinguishers.

Read more...
Fire protection for a solvent extraction plant in Africa
FS Systems Fire & Safety Security Services & Risk Management Mining (Industry)
A prominent mining site operates a state-of-the-art solvent extraction (SX) plant, integral to separating and purifying metals from ores, which pose significant fire risks, as SX processes involve highly flammable organic solvents and elevated operating temperatures.

Read more...