The public sector is an attractive target for cybercriminals, for a number of reasons, and this is evidenced by the growing number of successful and highly-publicised attacks. While public sector organisations are becoming more digitally mature, the wheels turn slowly, and many are overstretched and under-resourced, particularly when it comes to matters of cybersecurity. The combination of aging technology, inadequate funding, and lack of training, coupled with the high-value data these organisations hold, makes them a goldmine for bad actors. The right cybersecurity and technology partner has become essential in helping the public sector mitigate, manage, and remediate this growing threat.
A vulnerable landscape
Recent cyberattacks on the South African public sector have shown how vulnerable the country is to cybercriminals and ransomware assaults, which pose a threat to people, the economy and infrastructure. According to theย Interpol African Cyberthreat Assessment Report 2021, South Africa was the country most heavily affected by targeted ransomware in the first quarter of 2021. Some of South Africaโs most crucial departments have recently been the targets of effective online hijackers, and most recently theย Department of Justice (DOJ) and Constitutional Developmentย was completely shut down by a cyberattack in September 2021.
The data contained in public sector organisations is hugely valuable on the dark web, so a successful exploit can be extremely profitable, and the public sector is typically reactive instead of proactive when it comes to digital transformation. Itโs there to serve, not to profit, and this leaves it vulnerable by default. The threat landscape is also evolving far faster than the ability of government organisations to keep up with technology, which makes it an easy, profitable and therefore very attractive target.
Consequences beyond the immediate
There have beenย numerous examples of such attacks in South Africa over the last few years. The National School of Government was targeted in a ransomware attack costing around R2 million, the attack on the DOJ affected all electronic services and potentially compromised 1,200 personal files.ย Transnet Port Terminals was attackedย and the disruption affected operations in several container terminals, interrupting cargo movement. Aย Pegasus spyware attack targeted world leadersย including South African President Cyril Ramaphosa.
While the pandemic may have accelerated the velocity and volume of attacks, this is by no means a new issue. Theย City of Johannesburg suffered a major network breachย in 2019. In 2016,ย members of Anonymous hacked government communications and information systemsย and posted the names, phone numbers, email addresses and passwords of 1,500 government employees online. In 2015, theย Road Traffic Management Corporationโs bank account was hackedย and R8.5 million stolen, and in 2013, the South African Police Serviceย (SAPS) website was hacked.
The effects of a successful attack on the public sector can have far-reaching consequences. From disruption to the delivery of essential services such as transport, water and electricity, to delays in court proceedings and maintenance payments. The attacks on South Africaโs public sector have been felt strongly by everyone, including the countryโs citizens. In addition, they cost large sums to deal with and rectify, straining already-tight budgets.
Dealing with the threat
President Cyril Ramaphosa signed the Cyber Crimes Bill into law in 2021, which brings South Africaโs cybersecurity laws in line with the rest of the world. The challenge lies in investigating offences and enforcing this law, particularly in the public sector, which has limited budgets, lack of funding, lack of IT expertise, and often insufficient cyber awareness, particularly at local and municipal government levels.
Theย 2021 Cybersecurity Trends in Government Reportย from BeyondTrust highlights the top threats for public sector organisations: remote worker or contractor vulnerabilities, ransomware, phishing/social engineering, disinformation, and fileless attacks, and this is where public sector organisations need to focus their defence.
Preventing advanced persistent threats and zero-day attacks is key, which requires the implementation of integrated and in-depth protection that enables the organisation to detect and respond to multiple attack vectors simultaneously. Solutions should include not only antivirus and IPS protection, but also anti-bot and firewall technology, real-time intelligence, and continuous monitoring and diagnosis. In addition, they need 360-degree visibility and cross-device security to handle the challenges of borderless networks and remote working.
The right partner is key
The volume of threats that the public sector faces, coupled with the potential consequences of a successful attack, make for a unique challenge. Adding to this, citizens are increasingly expecting government agencies to deliver the same level of service as private organisations, and that means digital transformation is the key. Getting the technology right, not only from a cybersecurity perspective but also from a service delivery perspective, has become critical. ITโs utility, and how it is managed, can dramatically impact the efficiency, effectiveness, and citizen-centric focus of government services and programmes.
The public sector can overcome these challenges by partnering with an experienced IT partner. Not only will a partner with global experience and expertise as Managed Security Service Providers assist the public sector in effectively handling emerging cyber threats, but they will also be able to deliver on the requirements of citizens for a better government experience. The result is a cost effective and efficient solution to counteract cybercrime and improve service delivery, with faster remediation and proactive protection alongside digitally transformed systems and services.
