S digital Reimagine
S digital Reimagine cybersecurity to enable e-government ideal The South African government has demonstrated a deep understanding of how important the 4IR and a digital economy can be for our country’s development. But security is the foundation and enabler of the 4IR and digital government – and needs to be addressed first. CCritical infrastructure and government departments are under fire worldwide as cyber attackers target the most crucial systems for the largest payout. Power grids, ports, water and oil pipelines are being attacked, with IBM’s latest Cost of a Data Breach report saying 28% of breaches in critical infrastructure were ransomware or destructive attacks, with average breach costs topping .4-million in cases where organisations do not have zero-trust strategies. In South Africa, several government-related entities and departments are among those to have come under attack, with one high-profile incident disrupting operations for two weeks, causing up to R1-billion in losses. But while critical infrastructure attacks cause dramatic outages which make headlines, the attacks on critical systems within public sector departments – right down to local municipalities – can be equally damaging and disruptive for those affected. Earlier this month, an attack on a small local municipality took down its systems, email and landlines for several days. The public sector must not only maintain operational resilience; it must also protect and secure the personal and sensitive data of its citizens, reduce the risk of fraud and theft of public funds as well as enable productivity and cost control as part of its cyber risk mitigation efforts. As a preferred security supplier to the South African public sector, BCX has worked with many public sector agencies at local, regional and national level to help them mitigate cyber risk. In our experience, public sector CIOs and chief information security officers (CISOs) are aware of the growing cyber risk and are making every effort to protect their organisations. But they face several challenges as they do so. A key issue is that legacy systems are still widely in use in many public sector agencies. With some systems over 40 years old and no 44 | Service magazine
digital S There is no silver bullet that will instantly protect organisations such as these. high-level cybersecurity skills needed to stay ahead of everchanging cybercrime. Many departments are also challenged in getting the very basics of cybersecurity right: they may have solutions that have not been upgraded to align with the latest acceptable standards, the devices in use might not be secure and end users may not be up to date with cybercrime tactics and risks. Tackling these challenges to mitigate risk requires a holistic approach, typically implemented in phases. There is no silver bullet that will instantly protect organisations such as these. Developing effective solutions requires taking a consultative approach, understanding their current level of maturity, using proactive assessments to expose vulnerabilities, addressing low-hanging exposure for quick wins and developing a sustainable plan to improve the organisation’s risk profile over time. Important measures to mitigate risk also include introducing zero-trust strategies, monitoring and evaluation, and implementing a security operations centre. S Article courtesy of Daily Maverick longer supported, these systems are potential entry points that make their entire ecosystems vulnerable. Departments are struggling to integrate those legacy systems and have limited visibility into them. These systems often also depend on manual processes, which open these departments to the additional risks of fraud and human error. Security is also challenged by increasingly complex environments comprising multiple disparate security solutions, added over time to address various aspects of risk. Without strategic design, integration and visibility across the environment, these systems will not deliver optimal results and may even hamper risk mitigation. Another challenge is the persistent cybersecurity skills shortage. Public sector departments, like their private sector counterparts, face an uphill struggle to recruit and retain the Service magazine | 45
