The public sector is an attractive target for cybercriminals, for a number of reasons, and this is evidenced by the growing number of successful and highly-publicised attacks. While public sector organisations are becoming more digitally mature, the wheels turn slowly, and many are overstretched and under-resourced, particularly when it comes to matters of cybersecurity. The combination of aging technology, inadequate funding, and lack of training, coupled with the high-value data these organisations hold, makes them a goldmine for bad actors. The right cybersecurity and technology partner has become essential in helping the public sector mitigate, manage, and remediate this growing threat.
A vulnerable landscape
Recent cyberattacks on the South African public sector have shown how vulnerable the country is to cybercriminals and ransomware assaults, which pose a threat to people, the economy and infrastructure. According to the Interpol African Cyberthreat Assessment Report 2021, South Africa was the country most heavily affected by targeted ransomware in the first quarter of 2021. Some of South Africa’s most crucial departments have recently been the targets of effective online hijackers, and most recently the Department of Justice (DOJ) and Constitutional Development was completely shut down by a cyberattack in September 2021.
The data contained in public sector organisations is hugely valuable on the dark web, so a successful exploit can be extremely profitable, and the public sector is typically reactive instead of proactive when it comes to digital transformation. It’s there to serve, not to profit, and this leaves it vulnerable by default. The threat landscape is also evolving far faster than the ability of government organisations to keep up with technology, which makes it an easy, profitable and therefore very attractive target.
Consequences beyond the immediate
There have been numerous examples of such attacks in South Africa over the last few years. The National School of Government was targeted in a ransomware attack costing around R2 million, the attack on the DOJ affected all electronic services and potentially compromised 1,200 personal files. Transnet Port Terminals was attacked and the disruption affected operations in several container terminals, interrupting cargo movement. A Pegasus spyware attack targeted world leaders including South African President Cyril Ramaphosa.
While the pandemic may have accelerated the velocity and volume of attacks, this is by no means a new issue. The City of Johannesburg suffered a major network breach in 2019. In 2016, members of Anonymous hacked government communications and information systems and posted the names, phone numbers, email addresses and passwords of 1,500 government employees online. In 2015, the Road Traffic Management Corporation’s bank account was hacked and R8.5 million stolen, and in 2013, the South African Police Service (SAPS) website was hacked.
The effects of a successful attack on the public sector can have far-reaching consequences. From disruption to the delivery of essential services such as transport, water and electricity, to delays in court proceedings and maintenance payments. The attacks on South Africa’s public sector have been felt strongly by everyone, including the country’s citizens. In addition, they cost large sums to deal with and rectify, straining already-tight budgets.
Dealing with the threat
President Cyril Ramaphosa signed the Cyber Crimes Bill into law in 2021, which brings South Africa’s cybersecurity laws in line with the rest of the world. The challenge lies in investigating offences and enforcing this law, particularly in the public sector, which has limited budgets, lack of funding, lack of IT expertise, and often insufficient cyber awareness, particularly at local and municipal government levels.
The 2021 Cybersecurity Trends in Government Report from BeyondTrust highlights the top threats for public sector organisations: remote worker or contractor vulnerabilities, ransomware, phishing/social engineering, disinformation, and fileless attacks, and this is where public sector organisations need to focus their defence.
Preventing advanced persistent threats and zero-day attacks is key, which requires the implementation of integrated and in-depth protection that enables the organisation to detect and respond to multiple attack vectors simultaneously. Solutions should include not only antivirus and IPS protection, but also anti-bot and firewall technology, real-time intelligence, and continuous monitoring and diagnosis. In addition, they need 360-degree visibility and cross-device security to handle the challenges of borderless networks and remote working.
The right partner is key
The volume of threats that the public sector faces, coupled with the potential consequences of a successful attack, make for a unique challenge. Adding to this, citizens are increasingly expecting government agencies to deliver the same level of service as private organisations, and that means digital transformation is the key. Getting the technology right, not only from a cybersecurity perspective but also from a service delivery perspective, has become critical. IT’s utility, and how it is managed, can dramatically impact the efficiency, effectiveness, and citizen-centric focus of government services and programmes.
The public sector can overcome these challenges by partnering with an experienced IT partner. Not only will a partner with global experience and expertise as Managed Security Service Providers assist the public sector in effectively handling emerging cyber threats, but they will also be able to deliver on the requirements of citizens for a better government experience. The result is a cost effective and efficient solution to counteract cybercrime and improve service delivery, with faster remediation and proactive protection alongside digitally transformed systems and services.