Data security sits at the heart of democracy

1 February 2019 Information Security, Security Services & Risk Management

A recent report found that even the Pentagon’s latest advanced military systems are vulnerable and can be ‘easily hacked’. The consequences for citizens of rogue military assets is unthinkable. But that fear is not reserved for fighter jets and frigates: the hacking of a nation’s tax collection system, for example, would have a crippling effect on the economy, global investor confidence, disbursement of social and public services, and citizen trust in government institutions.

Thomas Mangwiro: public sector security specialist, Mimecast
Thomas Mangwiro: public sector security specialist, Mimecast

South African cyber resilience in the spotlight

A succession of high-profile government data breaches both locally and abroad has cast a stark light on the importance of effective public sector cybersecurity policies and protections. Without fully functional public institutions such as revenue collection, freight handling, military defence, and social grant disbursement, governments will find it hard to instil confidence among its various stakeholders and service delivery to citizens, businesses and public institutions will be impeded.

The rise of the smart city – a catch-all phrase for cities that utilise emerging technologies such as IoT to improve service delivery and enhance the citizen experience – further complicates matters. With the digitisation of government in full swing, any exploitation of cybersecurity vulnerabilities of the operational technologies that power our electricity generation or freight handling capabilities could cripple essential government services and leave millions without much-needed public or social services.

The South African government has taken note: the Cybersecurity Hub established by the Department of Telecommunications and Postal Services is a positive step toward improved cybersecurity awareness and information sharing across the South African public and private sectors. And Defence Minister Nosiviwe Mapisa-Nqakula’s recent commitment to collaborate with other countries to effectively deal with the challenge of modern cybersecurity is a timely acknowledgement that South Africa is as vulnerable to cyber threats as its more developed peers.

I would argue that Minister Mapisa-Nqakula and her colleagues should prioritise cyber resilience within the public sector as a first line of cyber defence. Cyber resilience refers to an organisation’s ability to continue to operate or deliver services despite adverse cyber events. And its first port of call in this regard should be greater awareness among its hundreds of thousands of employees regarding the different types of cybersecurity threats, how to spot them, and how to prevent them.

Action plan for improved cybersecurity awareness

In a global study by Mimecast and Vanson Bourne, more than a third of global public sector companies lacked confidence in their employees’ ability to identify impersonation fraud asking for sensitive company data such as HR or financial information. And yet, only 14% train their employees continuously to ensure they have the awareness and knowledge to identify potential cyber threats.

Awareness training, a process of ensuring employees have the knowledge and insight to identify potential cyber threats, is an indispensable part of any effective cyber defence strategy. But government should look beyond defence-only cybersecurity to a cyber resilience strategy built on three key principles:

1.) Ensuring the correct security measures are in place prior to an attack;

2.) Implementing a durability plan to keep email and business operations running during an attack; and

3.) Ensuring they have the ability to recover data and critical IP after an attack.

The ability to adapt to continually evolving and escalating cyber threats is critical, but it’s a task made immensely challenging by a global shortage of skilled security professionals. This places the spotlight on end-user training: without the relevant security skills in place, it becomes even more important for cybersecurity to be a shared responsibility across the organisation. Government-led education initiatives in collaboration with private sector companies can significantly improve the awareness of staff at all levels of the public service to identify and combat emerging cybersecurity threats.

The concept of cyber awareness training should play a starring role in any government-led cyber defence initiative. Public sector employees that display risky behaviour – such as opening emails from unknown senders, clicking on links without validating them first, opening attachments without care and using work devices for personal activities – should undergo regular training to ensure they understand the risks associated with such activities.

According to a Google Consumer Research report commissioned by Mimecast, nearly one in four employees aren’t even aware of the most basic cyber threats to their organisation, including phishing and ransomware. Imagine the dire consequences of a successful ransomware attack on a government department providing medical services to vulnerable citizens. Cybercriminals are constantly innovating and finding new ways to infiltrate organisations’ defences. So, without adequate awareness and understanding of the various ways cybercriminals could penetrate government systems, no amount of investment in technology will safeguard our public institutions.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.