There are very real cyberthreats lurking today, and all organisations need to protect themselves.
We tune into the movies and TV shows for entertainment – sometimes because we need a serious dose of escaping reality to forget about our challenges for a while. And if we’re watching a thriller, when the film is over, we breathe a sigh of relief that what happened in it was much too far-fetched to have any actual connection to reality.
Perhaps viewers a couple of years ago were comfortable, while watching the 2023 American apocalyptic thriller ‘Leave the World Behind’, to think that they would be returning safely to reality when the credits finally rolled, because….
[Editor’s note: If you haven’t seen the movie, here comes a spoiler alert!]
…because a war was NOT actually being started outside the cinema by sinister forces who began by first destroying communication networks and critical infrastructure through a highly targeted cyber attack.
(If you haven’t seen the movie and want to know more, here’s a quick sneak peek at the trailer. The movie stars Julia Roberts, Mahershala Ali, Ethan Hawke and Kevin Bacon.)
Except that… attacks on infrastructure ARE becoming more commonplace in the real world, as Information Technology (IT) and Operational Technology (OT) systems become increasingly intertwined.
Let’s look at some real-life examples.
Striking at Critical Infrastructure
One of the largest oil pipelines in the United States, the Colonial Pipeline in the eastern USA, went down in May 2021 for a few days because of a massive cyber-attack. It caused fuel shortages, panic buying and a temporary spike in gasoline prices.
The attack, from a Ransomware-as-a-Service (RaaS) operation named DarkSide, caused a four-day shutdown of the pipeline, after DarkSide’s operators had accessed the company’s IT network, stolen 100 gigabytes of data and encrypted several critical systems. A significant section of the eastern part of the country was affected, and Colonial Pipeline paid the hackers nearly $5 million as a ransom to finally regain control of their systems.
The Colonial Pipeline ransomware attack is considered to be one of the most significant attacks on critical national infrastructure in history.
So perhaps the moral of this particular story is this: Taking down critical infrastructure is not so far-fetched after all!
As for communications networks, cyber-attacks on telecommunications companies (telcos) can have far-reaching consequences. The nature of the information held on customers can put their personal safety at risk if it’s breached.
American telco giant AT&T has had its systems breached more than once. System breaches have also taken place on Tangerine in Australia, Kyivstar in Ukraine, Alphalink in France, Bharat Sanchar Nigam Limited in India… the list of international telcos that have been attacked just goes on.
Data breaches and service failures undermine customer trust and have a negative impact on reputations. The result is companies being hit with recovery expenses as well as a potential loss of future customer revenue.
Closer to Home
South Africa has not gone unscathed as far as significant cyber attacks are concerned.
- Transnet Attack: In July 2021, South Africa’s state-owned logistics firm, Transet, suffered a major ransomware attack that disrupted operations at ports and significantly affected the supply chain, demonstrating how ransomware can affect national economic activities. You could perhaps regard this as being SA’s own version of the Colonial Pipeline major critical infrastructure attack, because the results were also severe and far-reaching – in fact, Transnet declared a ‘Force Majeure’, meaning an event that cannot be reasonably anticipated or controlled.
- Experian South Africa: In August 2020, this renowned consumer, business and credit information services agency experienced a data breach where a fraudster gained unauthorised access to the personal information of approximately 24 million South Africans and almost 800,000 (793,749) businesses. The exposed data included contact information and employment details.
- National Health Laboratory Service (NHLS): When the IT systems of the NHLS were targeted by ransomware in 2024, all files on the affected computers and servers became inaccessible, leading to a halt in NHLS operations. In addition, 1.2 terabytes of data was stolen during the attack, including the sensitive medical information of millions of patients.
- South African Weather Service (SAWS): In January 2025, the SAWS disclosed that its ICT-base systems were disrupted by an attack led by ransomware-as-a-service group RansomHub.
These are just a few examples of local cyber breaches in South Africa. Knowing the cause, impact and response to past data breaches can help businesses protect their own data – and bottom-line – by ensuring that they avoid the same pitfalls and mistakes.
It’s important to understand that kidnapping today is no longer only the domain of Somali pirates operating off the coast of Northeast Africa, using speedboats and machine guns to take over lucrative international cargo ships. Cybercriminals – like the Colonial Oil attackers – now ‘kidnap’ data, holding systems and companies to ransom until significant sums of money are paid.
No organisation wants to be in the media spotlight for the wrong reasons. Being aware of cyber attacks suffered by other companies can help your business to learn from these pitfalls and stay safe moving forward. Let’s go back to the movies to ponder that one a bit more closely:
“In my line of work, you have to understand the patterns that govern the world. It can help you see your future. And I knew something was coming.” – George H Scott, ‘Leave the World Behind’
Any business can be a victim of cybercrime. If you need help with cyber protection for your organisation, please contact Vox to see how we can be of assistance.
About Author
