Last month, Transnet was hit by a cyber-attack that halted normal processes, damaged equipment, and resulted in a force majeure at the ports’ container terminals in Cape Town, Durban, Ngqura and Gqeberha. The South African rail, port and pipeline company has commented that it was a “cyberattack, security intrusion and sabotage”.
Paul Matthew, CEO of the South African Association of Meat Importers and Exporters (AMIE SA), said that he had 400 refrigerated containers at the Durban port, “with nowhere to go”. According to Fin24 (2021), “there is currently a backlog of fruit across the citrus supply chain causing temporary delays when it comes to fruit being exported to key markets. In order to ease pressure on South African ports, growers are diverting fruit to the Maputo port. It is the peak period for citrus exports and about 45% still needs to be shipped”.
Public Enterprises Minister Pravin Gordhan has stated that the company has since recovered but “there’s further work going on in terms of ensuring that some of the lessons learnt are implemented as far as the IT system is concerned.”
What could they have done to mitigate the risk of this?
They could have implemented an Information Security Management System like ISO/IEC 27001:2013. The purpose of this standard is to put controls in place to reduce the probability of a cyber-attack.
What is ISO 27001:2013 and how can it help an organisation?
ISO 27001:2013 is the International Standard that outlines how an organisation can manage its information security. The information being protected could be anything, for example, intellectual property or stakeholder lists. Implementing ISO 27001:2013 shows stakeholders that they can trust your organisation, because risk mitigation systems are in place through Policies, Processes, Procedures, and Risk Assessments.
By keeping information secure, ISO 27001:2013 compliance can assist you to:
- Handle stakeholder information securely.
- Comply with the POPI Act.
- Promote a risk and security awareness culture.
Some of the other benefits of introducing ISO 27001:2013 include:
- Providing stakeholders with confidence in your management systems.
- Allowing for the secure exchange of information.
- Protecting the company, assets, shareholders, and directors, because management are committed to the security of the organisation’s information.
- Helping you comply with other regulations like PAIA and SOX.
- Keeping confidential information secure.
- Providing your organisation with a certificate from a certification body, giving you a competitive advantage.
How does an organisation become ISO 27001:2013 certified?
In short – with WWISE. We have a wide range of professionals who are registered lead auditors who will assist in the implementation and maintenance of any ISO Management System in your organisation. Our consultants understand the processes employed by your company and how best to approach the implementation of the ISO requirements.
WWISE has a 4-Phase Approach:
- Phase 1: Gap Analysis Audit and Information Gathering.
- Phase 2: ISO Documentation, Risk Assessment, and Process Mapping.
- Phase 3: Implementation and Coaching.
- Phase 4: Certification.
We offer one-on-one coaching and on-the-job training where we mentor you and your team. As a consulting firm, we do not provide certification services. However, we will guide you through the certification process and ensure that your business becomes certified. For more information on how you can digitally secure your business with ISO 27001:2013, contact WWISE on 08610 99473 or visit https://www.wwise.co.za