With South Africa now among the world’s biggest cybercrime hotspots, companies are scrambling to guard against new and highly sophisticated attacks. The ransomware breach of Transnet in 2021 exposed just how damaging cybercrime can be to local supply chains and the export/import market. The situation has only intensified since then.

But as Morne Visser, Head of IT Operations and Infrastructure at BIL explains, spending millions of rand on external cyber protection measures won’t make a difference unless companies’ end-users are trained what to look out for. “We receive about three million e-mails a month. That’s three million opportunities for a hacker.”

Visser adds that logistics companies deal with a variety of industries across the world and each of these must safeguard against phishing and other attacks. In other words, it is a war on numerous fronts.

So frequent have attacks become that companies must alert staff to new threats and update cyber security tools every quarter, where it used to be only once a year, says Morne. “That is why choosing the right cybersecurity partner is so important and extensive end-user training is required.”

According to BIL’s IT Director Lesiba Sebola an excellent track record is key. “Logistics uses the IoT (Internet of Things) and the security aspects need to be looked at. You want to look for a company that has experience in this field,” Sebola says.

“In logistics, you are required to give a client visibility on where they are in the supply chain process and there needs to be integration across the different areas. What you want is a cyber security company that has expertise in integration.”

Morne adds that these experts also need to have a firm grasp of the latest cybersecurity toolsets and be proactive in everything they do. Certifications and awards from tech industry giants like Microsoft are good indications of their quality and standing within the sector.

He stresses that older tools need to be discarded in favour of the latest technology to counter attacks from hackers, who find new ways every day to breach companies’ defences. “An effective cybersecurity response plan is non-negotiable. Too often people run around like headless chickens when a system has been breached. In their panicked state, they call for servers to be shut down when this would immediately remove the ability to investigate the attack properly so a solution can be found. A well-drilled team that understands the latest cybercrime trends will prevent such scenarios from playing out.”

Lesiba says the best company will be the one that is 100% committed to ensuring protection is maintained. “We talk about technology, people and processes. For technology, we ask whether we have the right tech in place. For people, it’s all about training. And for processes, it’s about whether people are following them. Yet even with all this in place, if you are not maintaining your cybersecurity system, you might as well not even bother.”