You are currently viewing our desktop site, do you want to download our app instead?
Moneyweb Android App Moneyweb iOS App Moneyweb Mobile Web App

NEW SENS search and JSE share prices

More about the app

Transnet cyber attack: could it have been prevented?

‘Cyber attacks are inevitable; therefore you need to have controls in place to assist in the recovery’: Brandon Naicker, cyber security executive, LAWTrust.

FIFI PETERS: If you’ve been following events at Transnet you would know that their IT systems were down for about six days or so. This follows a cyber attack on the group systems. Things have today been restored in most parts of the business, but it does raise questions about government’s readiness to deal with such attacks, as they are becoming a lot more common all over the world.

We have Brandon Naicker, the cybersecurity executive at LAWTrust joining us for more.  Brandon, thanks so much for your time. How closely have you been following the story of Transnet?

Transnet cyber attack confirmed: Port terminals division declares force majeure
Transnet’s vital Navis container terminal operating system back online

BRANDON NAICKER: Hi, good day. We’ve been looking at it just in terms of what’s out there in the news. It seems that Transnet was compromised by a major cybersecurity incident. This isn’t uncommon in South Africa, as we’ve seen, lots of large – even small – companies falling victims to cyberthreat actors. Currently the investigation is under way, and we are looking to see what those results yield as to how that attack was performed.

FIFI PETERS: But what does seem common, Brandon, is that a lot of these companies, including Transnet, are caught off guard when it does happen – which raises questions about South Africa’s readiness to deal with such events.

BRANDON NAICKER: Definitely. It seems as if there was a malware attack such as ransomware which was planted on the various IT systems. This is not uncommon as well. We’ve seen quite a number of companies (suffering that). It’s difficult to mitigate these ransomware attacks. One could assume that poor cybersecurity practices led to this compromise, which is quite evidenced by the lack of business continuity and IT disaster recovery plans, which would allow them to at least continue working. The reports you’re seeing are suggesting that they now are working on manual processes, as most of the IT infrastructure is offline. We’ve seen this quite a lot in terms of companies being ill-prepared to manage this risk.

FIFI PETERS: Again, not unique to Transnet, and certainly not unique to South Africa. Earlier on in the year we had a major US pipeline that was hacked and ransom demanded in the form of Bitcoin. I believe the US government did pay and eventually got it back.

Staying in the US, they are still probing around interference regarding the 2016 election. But bringing it back home, should we then be worried that other state institutions may be targeted next after Transnet?

BRANDON NAICKER: Definitely. I think the biggest IT risk that a company can face is not having a mature cybersecurity programme in place that prepares the organisation for scenarios like this. It’s important to have preventive measures in place, but cyber attacks are inevitable; therefore you need to have controls in place to assist in the recovery when a cyber attack happens which (controls) should be based on business processes.

I think it’s important that these recovery plans must include the protection of sensitive information. Stakeholders such as business executives must be able to trust the information at hand during times like this. It is important to have out-of-band mechanisms and communication channels to share documents securely by digitally signing a document to protect the document’s integrity, as there could be malware embedded within the systems that could take months to eradicate. They need to have proper plans in place to make sure that they can recover and continue operations, which it seems Transnet did not have in this case.

FIFI PETERS: Yes. Brandon, thanks so much for your time. We will leave it there. That’s Brandon Naicker, the cybersecurity executive of LAWTrust.

I once had a conversation around cyber attacks, and it seems like the easiest way for these packages to get through, as it were, is by ordinary employees just sending what looks like an innocent email at the time, and just a click of the button allowing the hackers to infiltrate the system. So it really does also speak to the importance of training for employees in a company, even in a state institution, on how better to deal with such incidents given that they are growing in prominence.

Please consider contributing as little as R20 in appreciation of our quality independent financial journalism.



Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in to comment.


Given the recent co-ordinated looting and attacks on some distribution channels in Kzn, a small part of me wonders if these cyber attacks might not be linked somehow?. Shady characters enlisted to further try to destabilise the supply chains by shutting the ports.

A BIG part of me – don’t know why – sees Russia behind this.

Could it be because Russia also apparently offers unbeatable medical treatment to South African high profile politicians who go there fairly regularly (like currently) to receive such treatment for undisclosed medical problems – all at tax payers expence ….

So they did it because they offer medical help too? What a motive! Ahh the ‘logic’ of the SA public schooling system.

So they did it because they offer medical help too? What a motive! Ahh the ‘logic’ of the SA public schooling system.

I would can like to send taaakitikal kommandos to attack the internet hey.

I would can like to send taaakitikal kommandos to attack the internet hey.

End of comments.





Follow us:

Search Articles:
Click a Company: