classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018

Data security sits at the heart of democracy
February 2019, Cyber Security, Security Services & Risk Management

A recent report found that even the Pentagon’s latest advanced military systems are vulnerable and can be ‘easily hacked’. The consequences for citizens of rogue military assets is unthinkable. But that fear is not reserved for fighter jets and frigates: the hacking of a nation’s tax collection system, for example, would have a crippling effect on the economy, global investor confidence, disbursement of social and public services, and citizen trust in government institutions.

Thomas Mangwiro: public sector security specialist, Mimecast
Thomas Mangwiro: public sector security specialist, Mimecast

South African cyber resilience in the spotlight

A succession of high-profile government data breaches both locally and abroad has cast a stark light on the importance of effective public sector cybersecurity policies and protections. Without fully functional public institutions such as revenue collection, freight handling, military defence, and social grant disbursement, governments will find it hard to instil confidence among its various stakeholders and service delivery to citizens, businesses and public institutions will be impeded.

The rise of the smart city – a catch-all phrase for cities that utilise emerging technologies such as IoT to improve service delivery and enhance the citizen experience – further complicates matters. With the digitisation of government in full swing, any exploitation of cybersecurity vulnerabilities of the operational technologies that power our electricity generation or freight handling capabilities could cripple essential government services and leave millions without much-needed public or social services.

The South African government has taken note: the Cybersecurity Hub established by the Department of Telecommunications and Postal Services is a positive step toward improved cybersecurity awareness and information sharing across the South African public and private sectors. And Defence Minister Nosiviwe Mapisa-Nqakula’s recent commitment to collaborate with other countries to effectively deal with the challenge of modern cybersecurity is a timely acknowledgement that South Africa is as vulnerable to cyber threats as its more developed peers.

I would argue that Minister Mapisa-Nqakula and her colleagues should prioritise cyber resilience within the public sector as a first line of cyber defence. Cyber resilience refers to an organisation’s ability to continue to operate or deliver services despite adverse cyber events. And its first port of call in this regard should be greater awareness among its hundreds of thousands of employees regarding the different types of cybersecurity threats, how to spot them, and how to prevent them.

Action plan for improved cybersecurity awareness

In a global study by Mimecast and Vanson Bourne, more than a third of global public sector companies lacked confidence in their employees’ ability to identify impersonation fraud asking for sensitive company data such as HR or financial information. And yet, only 14% train their employees continuously to ensure they have the awareness and knowledge to identify potential cyber threats.

Awareness training, a process of ensuring employees have the knowledge and insight to identify potential cyber threats, is an indispensable part of any effective cyber defence strategy. But government should look beyond defence-only cybersecurity to a cyber resilience strategy built on three key principles:

1.) Ensuring the correct security measures are in place prior to an attack;

2.) Implementing a durability plan to keep email and business operations running during an attack; and

3.) Ensuring they have the ability to recover data and critical IP after an attack.

The ability to adapt to continually evolving and escalating cyber threats is critical, but it’s a task made immensely challenging by a global shortage of skilled security professionals. This places the spotlight on end-user training: without the relevant security skills in place, it becomes even more important for cybersecurity to be a shared responsibility across the organisation. Government-led education initiatives in collaboration with private sector companies can significantly improve the awareness of staff at all levels of the public service to identify and combat emerging cybersecurity threats.

The concept of cyber awareness training should play a starring role in any government-led cyber defence initiative. Public sector employees that display risky behaviour – such as opening emails from unknown senders, clicking on links without validating them first, opening attachments without care and using work devices for personal activities – should undergo regular training to ensure they understand the risks associated with such activities.

According to a Google Consumer Research report commissioned by Mimecast, nearly one in four employees aren’t even aware of the most basic cyber threats to their organisation, including phishing and ransomware. Imagine the dire consequences of a successful ransomware attack on a government department providing medical services to vulnerable citizens. Cybercriminals are constantly innovating and finding new ways to infiltrate organisations’ defences. So, without adequate awareness and understanding of the various ways cybercriminals could penetrate government systems, no amount of investment in technology will safeguard our public institutions.

  Share via Twitter   Share via LinkedIn      

Further reading:

  • 2019 cybersecurity crystal ball
    February 2019, Wolfpack Information Risk, This Week's Editor's Pick, Cyber Security
    Craig Rosewarne, MD of Wolfpack Information Risk says the cyber landscape will be more volatile and dangerous in 2019, are we ready?
  • Trends for 2019
    February 2019, Technews Publishing, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management
    Hi-Tech Security Solutions asks around to find out what we can expect to see happening in the security market in 2019.
  • The value of adopting TAPA’s warehousing standard
    February 2019, Technews Publishing, Security Services & Risk Management
    Hi-Tech Security Solutions looks at TAPA’s FSR (Facility Security Requirements) standards, which cover best practices for securing assets in storage.
  • AI delivers autonomous efficiencies
    February 2019, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management
    Active Track adds artificial intelligence to its people-tracking solution to transform it into an effective, streamlined management application.
  • Business resilience will be key in 2019
    February 2019, ContinuitySA, This Week's Editor's Pick, Security Services & Risk Management
    One of the most important trends to emerge in recent years is that it is increasingly difficult to identify individual risks in isolation, says Michael Davies, CEO, ContinuitySA.
  • Secure parking on major routes
    February 2019, This Week's Editor's Pick, Asset Management, EAS, RFID, Security Services & Risk Management
    Hi-Tech Security Solutions spoke to Phambili Gama, COO of Zimele Investment Enterprise Company about its Zimele Truck Stops and the security in place to ensure the safety of people and assets on the sites.
  • New release of AC2000
    February 2019, Johnson Controls, Access Control & Identity Management, Security Services & Risk Management
    Johnson Controls’ latest CEM Systems’ AC2000 release goes beyond security to help mitigate health and safety risks.
  • 50% of companies can’t detect IoT breaches
    February 2019, This Week's Editor's Pick, Cyber Security, IT infrastructure
    Only around half (48%) of businesses can detect if any of their IoT devices suffer a breach. This comes despite an increased focus on IoT security.
  • SA fleet management report
    February 2019, This Week's Editor's Pick, Asset Management, EAS, RFID, Security Services & Risk Management
    IoT analyst firm, Berg Insight, says the installed base of fleet management systems in South Africa to reach 2,5 million units by 2022.
  • Corporate fraud and insider threats
    February 2019, Cyber Security, Security Services & Risk Management
    Insider fraud and theft can often be more damaging to a company than risks from outside.
  • Corporate privacy in a selfie age
    February 2019, Cyber Security, Security Services & Risk Management
    Doros Hadjizenonos, regional sales director at Fortinet in South Africa looks at how CISOs can maintain corporate privacy even as employees adopt emerging technologies.
  • SME cybersecurity: high risk
    February 2019, Cyber Security, IT infrastructure
    Small and medium-sized businesses are becoming more attractive targets for cyber criminals – both direct and also as a starting point for larger attacks across a supply chain.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.