For countries in the developing world, South Africa included, the knock-on effect of a cyberattack on critical infrastructure could be devastating. Based on past instances around the globe, the potential chaos unleashed by cybercriminals disrupting the logistics network for food, energy or medical supply chains is almost limitless.

Asked why a cybercriminal may specifically target a public sector enterprise, Kulani Maphophe, executive for government and SADC sales at Pinnacle ICT, said that it could be any of a combination of reasons.

“These people may break into a government system looking to conduct cyberwarfare or terrorism, they could be undertaking espionage, or simply engaged in plain, old-fashioned crime. They are aware that government has huge databases of personal information, and may simply be seeking to harvest names, identity numbers and addresses, which are then used for phishing attacks, or they can simply sell this data to someone else who might commit the crime,” he said.

“With a clear and growing global concern about cybercrime, governments are now taking it seriously. In fact, South Africa began its journey in 2012, when the national cybersecurity policy framework was enacted. The thinking behind this was to create greater coordination between government entities, the private sector and NGOs.”

According to Maphophe, although South Africa has not moved as quickly on the matter of cybersecurity since then, under the framework the government has established a cybersecurity hub. This is a computer security incident response team for the public sector, which coordinates between various government departments and agencies, including the State IT Agency, the State Security Agency, the department of defence, the South African Police Service and the Hawks.

Delayed

Asked what else can be done to improve the situation, he said the cybercrime bill, which was proposed in 2015 but has not yet been signed into law, needs to be fast-tracked so that such criminals can be properly prosecuted. He added that the bill has been delayed because certain parts had to be reworked in order to be compliant with the Protection of Personal Information Act (Popia) but that the only remaining hurdle now is signing it into law.

“Obviously, government needs to comply with Popia by ensuring it has systems that can protect the privacy of its data. This means ensuring that the information captured into government systems is properly protected and treated with the highest levels of confidentiality. From our perspective, there are a lot of technologies available from outsourced vendors like ourselves that can help them to assure such privacy levels.”

These include various systems designed to help protect data in different ways, such as firewalls, end-to-end security, antivirus solutions, domain security, managed detection products, advanced penetration testing and endpoint security. There are also more advanced offerings, including unified threat management and zero-trust implementations. In a digitally transforming world, the latter is the key to making security tighter and more effective.

“We would also recommend greater levels of coordination between national, provincial and local government and state-owned enterprises as there is not nearly strong enough collaboration between them. We also believe we need greater coordination between government and the private sector, in the form of public-private partnerships.”

Another challenge he identifies in a rapidly evolving digital environment is that of the technology skills gap that exists within government. The public sector needs access to highly qualified specialists and engineers, which means it will need to become better at attracting and retaining talent within government.

“This, again, is why public-private partnerships are so vital — such an approach enables government to partner with outsourced security providers and vendors who do have access to these top skills, reducing the challenge created by this skills gap. The beauty of a PPP for the public sector is that with one such joint venture, multiple departments can have access to the same resource, instead of each department trying to hire these skills individually. Such an approach significantly reduces the cost of such skills for government.

“It is worth noting that South Africa is one of only 28 countries globally to have a cybersecurity policy in place. So, we have already taken one clear and massive step in the right direction, and feel once this is passed into law, there will be a huge improvement. I think we will see better coordination between the various tiers of government and I hope to see the department of communications & digital technologies leading the charge in this respect.

“There is definitely light at the end of the tunnel when it comes to cybersecurity in the public sector. And we can also take comfort in the fact that citizen awareness of security issues is also increasing rapidly, and as the citizens themselves become more security conscious, this helps to create an even bigger security bubble.”

About Pinnacle
Built on the foundation of entrepreneurial spirit, Pinnacle is South Africa’s leading ICT distribution company. We offer a broad range of world-class technology products seamlessly delivered across an expansive footprint. Everything we do is underpinned by our technical expertise, drive and determination – we call it delivering the exceptional. For more information about Pinnacle, visit our website http://www.pinnacle.co.za or contact our offices on +27 11 265 3000. You can also follow Pinnacle on Twitter, join us on Facebook and on LinkedIn.