SA’s government departments are sitting ducks for cyber attacks

South Africa’s government departments and entities are sitting ducks for cyber attacks due to years of underinvestment in security systems, outdated technology, and incompetent IT security staff.

A security compromise at the Companies and Intellectual Property Commission (CIPC) last week will have far-reaching implications for businesses whose personal data is on the CIPC database, says Anna Collard, a security expert at KnowBe4 Africa.

ADVERTISEMENT

CONTINUE READING BELOW

“If there’s a cyber attack on the public sector there’s an impact on the whole country and its citizens,” she says.

Read:

The CIPC is the regulatory body for the registration of companies and intellectual property rights, and it holds the records of thousands of companies in South Africa. It falls under the auspices of the Department of Trade, Industry and Competition.

The CIPC warned in a statement on Thursday that there was “an attempted security breach” and that the personal information of people in the CIPC’s records could be compromised.

Collard says the breach could also sow the seeds for subsequent cyber attacks and crimes, such as phishing.

“If some fraudster has all this information, like a company’s registration details, the name of the director, and financial particulars then subsequent phishing emails can sound much more believable,” she says.

“And on top of it, you throw artificial intelligence into the mix where these attackers use automated tools for phishing emails and the situation becomes even more dangerous.”

The CIPC is but one of a number of public institutions that have fallen victim to cyber attacks in the last three years.

In 2021, Transnet’s port operations were paralysed for close to a week due to a ransomware attack.

Read:

In June 2023, the Department of Justice experienced its third ransomware attack in less than three years. South Africa’s information regulator last year fined the department for negligence after an investigation into its 2021 cyber attack found its security licences had expired in 2020 and it did not take the necessary steps to safeguard more than 1,000 sensitive files.

Cybersecurity ranking

According to the International Telecommunications Union’s 2020 Global Cybersecurity Index (GCI), which measured 194 countries’ cybersecurity at a global level, South Africa was in 59th place – behind African countries such as Ghana, Tanzania, Rwanda, Egypt and Nigeria.

“Ghana’s cybersecurity improved so much that the country is now ranked 43rd – up from 89th place,” says Collard.

ADVERTISEMENT

CONTINUE READING BELOW

“Mauritius leads in Africa, ranked 17th on the index. South Africa is falling behind.”

She says South Africa’s public sector’s IT runs on outdated technologies and security systems, with multiple surveys in the public sector testimony to South Africa’s ineptitude in IT security.

“The respondents admit in surveys that they don’t have enough resources, systems, and skills in place. There’s enormous complexity in securing systems. So, even if you have the right technology and you don’t know how to operate and configure it, it’s very likely you’ll experience a cyber attack.”

Cyber extortionists ‘go after everything’

Collard is of the view that the CIPC’s security breach is in all likelihood a ransomware attack or cyber extortion.

“I don’t believe the attack was specifically targeted at CIPC or its staff, because cyber extortionists go after everything.

“The way these syndicates operate is they work in groups,” she adds.

“They have ‘access brokers’ who have already managed to compromise credentials or find pathways into the system and they will then consider how much profit a target makes and if attacking is worth their while.”

South Africa needs to wake up and prioritise cybersecurity, she says. “That includes investing more in skills development.”

William Murphy

Related post