IT in Manufacturing

Cybersecurity threats: Reasons to take action, and key questions to ask

January 2023 IT in Manufacturing

Cyber-attacks can be costly and could result in business disruption, reputational damage, and potential legal liabilities. For example, the maximum penalties from the information regulator for serious offences are either up to a R10 million fine, imprisonment up to 10 years, or both. According to Interpol, South Africa, has the third-highest number of cybercrime victims worldwide. This costs about R2.2 billion annually.

The biggest threats are ransomware, supply chain compromise, business email compromise, and data breaches. South Africa is not immune to these threats. Here are a few examples of significant local incidents:

• Experian, SANSA, Solarwinds and TransUnion all suffered breaches of sensitive information caused by untrained employees and targeted third-party attacks.

• Last year, South Africa led the continent as the country most targeted by ransomware. A local gym company, Transnet, The Department of Justice and Constitutional Development, the National School of Government, and Life Healthcare were successfully targeted by cybercriminals. Key systems were encrypted, and core business operations interrupted.

Many organisations have the basics in place, but lack a formal strategy and framework to manage and reduce cyber risk. In some cases, key areas are neglected. There is no effective visibility of key cybersecurity metrics. This translates to leaving the ‘cyber gates’ wide open, making for an attractive target.

Business leadership needs to prioritise cybersecurity to ensure due care has been taken to protect their organisations. Key questions they should be asking are:

• What is the organisation’s threat and risk environment?

• How does the board stay informed about the threat and risk environment?

• Does the organisation know what data is held and where it is stored?

• Do they know what hardware and software is used in their organisation?

• Do they know if there are cyber risks in their supply chain?

Boards should obtain an understanding of the mitigation strategies deployed in their organisation. This can be tested by asking the following eight key questions:

1. What cybersecurity framework is used in the organisation?

2. Does the organisation routinely update and patch its systems?

3. How mature is the organisation’s cybersecurity?

4. How do employees or customers disclose vulnerabilities?

5. What is the organisation’s plan to prevent or detect cyber incidents?

6. Does the organisation have an incident response plan?

7. Does the board know its regulatory obligations?

8. Is the board prepared to respond to a cyber incident?

I recommend the following actions to reduce cybersecurity risk :

• Deliver a cybersecurity awareness programme to create a human firewall. This is important as people are one of the weakest links and the easiest to exploit. Many breaches can be traced to something that awareness training could have prevented. Phishing assessments go hand in hand with awareness training to assess the programme’s effectiveness. In general, up 15% of staff will be caught by the first assessment. Conducting another assessment after the training programme should show a significant reduction in the phishing rate and demonstrate a clear return on investment (ROI). The programme will create a culture of cybersecurity by encouraging employees to make informed decisions and fulfil their day-to-day duties according to the organisation’s cybersecurity policies.

• Conduct a third-party risk assessment. This involves inventorying all third-party relationships and conducting risk assessments of vendors that access or connect directly to your network, transmit, store or process personal information or sensitive data. Establish and enforcing security standards for third parties and the organisation’s supply chain.

• Conduct a cyber risk assessment using best-of-breed frameworks covering cybersecurity, privacy and resilience. This will assess the main adversarial threats to the crown jewels. These high-value assets would cause the most business disruption if compromised. The current cybersecurity posture will be established, versus what is required. A prioritised roadmap should be developed to address gaps to adopt cybersecurity fundamentals to preserve confidentiality, integrity and availability of data and information technology systems.

• Implement the roadmap to close all the identified gaps. This could include preparation for ISO/IEC 27001 certification via the British Standards Institute – the gold standard of cybersecurity assurance.


About Bryan Baxter

Brian Baxter.

Bryan Baxter has been in the IT Industry since 1992 in various roles, before recently joining Wolfpack Information Risk. He has helped customers successfully manage and deliver IT infrastructures to around 7000 users in several countries, where, of course, the recurring theme has been keeping customers secure from cybersecurity threats. For more information contact Bryan Baxter, Wolfpack Information Risk, +27 82 568 7291, [email protected],


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Bringing brownfield plants back to life
Schneider Electric South Africa IT in Manufacturing
Today’s brownfield plants are typically characterised by outdated equipment and processes, and face challenges ranging from inefficient operations to safety hazards. However, all is not lost, as these plants stand to gain a lot from digitalisation and automation.

Control architecture leads to faster, easier product development for refrigeration
Opto Africa Automation Editor's Choice IT in Manufacturing
What’s the secret to providing superior service and staying competitive in a changing market? You might learn something from ALTA Refrigeration’s experience. Over ten years, it transformed itself from a custom engineering services company into a scalable industrial equipment manufacturer, using an edge-oriented control architecture to manage a growing installed base.

Comprehensive protection of the network against attacks
Phoenix Contact IT in Manufacturing
In recent years, the generation of data to create ever better transparency and control of production has become a decisive competitive factor. IIoT has also contributed to more manufacturing systems being connected to IT or cloud systems. This places higher demands on access security, which Phoenix Contact meets with the Secure Edge Box.

Embracing security as a core component of your technology
IT in Manufacturing
ABI Research recently undertook a comprehensive study to learn more about the product security assurance landscape from the perspective of enterprise customers, surveying 302 enterprise customers, and conducting in-depth interviews to complement the qualitative survey.

AI in manufacturing: a process engineer’s perspective
Editor's Choice IT in Manufacturing
The expert will tell you what to do, the philosopher will tell you why to do it, and the engineer will get on and actually do it. As the hype around AI intensifies, the number of ‘experts’ is increasing exponentially. In contrast, the number of engineers who actually know how to implement AI technology remains small.

Generative AI for immersive real-time visualisation
Siemens South Africa IT in Manufacturing
Siemens will deepen its collaboration with NVIDIA to help build the industrial metaverse.

Award-winning Gen AI solutions
IT in Manufacturing
Amazon Web Services recently hosted an exclusive event in South Africa on ‘Elevating Possibilities with Partners - a Showcase of GenAI Excellence’. This event brought together ten esteemed partners, including Synthesis Software Technologies, to highlight innovative advancements in the field of Generative AI.

AI is driving data centres to the edge
Schneider Electric South Africa IT in Manufacturing
The data centre has become the cornerstone that links our digitally interconnected world. At the same time, the rapid growth and application of AI and machine learning (ML) is shaping the design and operation of data centres.

Full-scale central control room simulator
Valmet Automation IT in Manufacturing
Valmet will deliver a full-scale central control room simulator to Nordic Ren-Gas, the leading Nordic green hydrogen and e-methane developer in Finland.

Re-imagining business operations with the power of AI
IT in Manufacturing
inq. has introduced a range of artificial intelligence solutions to assist organisations across industry verticals in optimising business operations and improving internal efficiencies.