3 minute read
Public sector must reimagine cybersecurity to enable e-government ideal
from IMIESA October 2022
by 3S Media
Total trust, infinite growth
Secure the future of your business Public sector must reimagine cybersecurity to enable e-government ideal
Advertisement
By Sinamava Hina-Mvoko - Managing Executive for Public Sector at BCX
The South African government has demonstrated a deep understanding of how important the 4IR and a digital economy can be for our country’s development. But security is the foundation and enabler of the 4IR and digital government, and needs to be addressed first.
Critical infrastructure and government departments are under fire worldwide, as cyberattackers target the most crucial systems for the largest payout. Power grids, ports, water and oil pipelines are being attacked, with IBM’s latest Cost of a Data Breach Report1 saying 28% of breaches in critical infrastructure were ransomware or destructive attacks, with average breach costs topping $5.4 million in cases where organisations did not have zero trust strategies.
In South Africa, a number of government-related entities and departments are among those to have come under attack, with one, high-profile incident disrupting operations for two weeks, causing up to R1 billion in losses. But while critical-infrastructure attacks cause dramatic outages that make headlines, the attacks on critical systems within public-sector departments – right down to local municipalities – can be equally damaging and disruptive for those affected. Earlier this month, an attack on a small, local municipality took down its systems, email and landlines for several days.
As a preferred security supplier to the South African public sector, BCX has worked with many publicsector agencies at local, regional and national level to help them mitigate cyber risk. In our experience, public sector CIOs and CISOs are well aware of the growing cyber risk, and are making every effort to protect their organisations. But they face a number of challenges as they do so.
A key issue is the legacy systems still widely in use in many public-sector agencies. With some systems over 40 years old and no longer supported, these systems are potential entry points that make their entire ecosystems vulnerable. Departments are struggling to integrate those legacy systems, and have limited visibility into them.
Safeguard your evolution
These systems often also depend on manual processes, which open these departments to the additional risks of fraud and human error.
Security is also challenged by increasingly complex environments, comprising multiple disparate security solutions, added over time to address various aspects of risk. Without strategic design, integration and visibility across the environment, these systems will not deliver optimal results and may even hamper risk mitigation.
Another challenge is the persistent cybersecurity skills shortage. Public-sector departments, like their privatesector counterparts, face an uphill struggle to recruit and retain the high-level cybersecurity skills needed to stay ahead of ever-changing cybercrime. Many departments are also challenged in getting the very basics of cybersecurity right: they may have solutions that have not been upgraded to align with the latest acceptable standards, the devices in use might not be secure, and end-users may not be up to date with cybercrime tactics and risks.
Tackling these challenges to mitigate risk requires a holistic approach, typically implemented in phases. As a systems integrator, we are well positioned to implement end-to-end solutions that reduce risk in a comprehensive way.
There is no silver bullet that will instantly protect organisations such as these. Developing effective solutions requires taking a consultative approach, where we understand their current level of maturity, use proactive assessments to expose vulnerabilities, address low hanging exposure for quick wins, and develop a sustainable plan to improve the organisation’s risk profile over time.
Important measures to mitigate risk also include the introduction of zero trust strategies, monitoring and evaluation, and the implementation of a Security Operations Centre.
1 https://newsroom.ibm.com/2022-07-27-IBM-ReportConsumers-Pay-the-Price-as-Data-Breach-Costs-Reach-All-Time-High