- Cybersecurity is a growing concern for the public sector, even if it’s slow to acknowledge that.
- ESET Southern Africa says that municipal offices are the most at risk but the public sector as a whole has a woeful approach to security.
- With cybercriminals getting more wily this could become a massive problem for departments and citizens alike.
Cybercriminals love an easy target and, unfortunately, operations in the public sector tend to be incredibly successful. Whether it’s a belief that hackers wouldn’t dare target a government entity, a woeful approach to cybersecurity or both, the public sector tends to have a poor plan in place for attacks.
According to ESET Southern Africa, municipalities are the most unmanaged environments when it comes to cybersecurity. While these organisations may have a basic endpoint protection solution in place, it’s tantamount to using a NikNak as a gate lock given the scale and sophistication of attacks. The Council for Scientific and Industrial Research reckons that cybercrime costs the local economy R2.2 billion annually, highlighting just how ineffective the public sector is at securing its perimeter.
The financial cost is severe but the disruption to services an attack can cause is potentially far worse. An attack on Transnet’s ports in 2021 caused massive problems to both imports and exports. These disruptions can have far reaching consequences and can last far longer than the initial attack.
Worse still, attackers could spend weeks, months and even years within a system, quietly siphoning funds and data. ESET notes that hackers can spend 298 days in a network before being detected. As such, public sector organisations need to have dedicated staff on hand to insure that cybersecurity is preserved.
While government has measures in place that dictate how departments and organisations should protect themselves, better enforcement of these measures is needed. How that is accomplished is the question that needs answering but its ultimately up to government to decide how it polices its offices.
Whatever that answer is, it best find an answer fast as cybercriminals have already shown that local government is rather inept at keeping them out. In July it was revealed that the Department of Public Works and Infrastructure had been under siege by cyberattacks that had siphoned R300 million from the department over the course of a decade.
“A proactive defence strategy is extremely important for public sector organisations to stay a step ahead of cyber criminals. This includes implementing advanced technical solutions while fostering a culture of security awareness among employees. Moving away from a reactive mindset towards a more proactive, preventative approach is a step in the right direction. Cybersecurity is not a one-time solution; rather, it’s an ongoing process that requires vigilance, adaptation, and a willingness to invest in both people and technology,” writes ESET Southern Africa.
Protection in the form of software is however, just one part of the puzzle. Awareness is a key tool in cybersecurity as with knowledge, folks can avoid failing prey to miscreants. It’s often said that humans are the weakest part of a cybersecurity chain and for good reason. This can be addressed with awareness training but it needs to be a constant within an organisation given how rapidly the techniques and tools attackers use evolve.
What we do need to do more than anything as a society and cybersecurity industry, is embrace openness. All too often are breaches kept under cover of darkness only for the intrusion to eventually come to light. We need to make it less taboo for somebody to alert security teams and authorities that a breach has occurred. This helps to not only eventually catch the bad guys but also helps citizens protect themselves from further crimes perpetrated with the stolen data.
