BCX: The public sector must reimagine cybersecurity to enable e-government ideal

Read More

The South African government has demonstrated a deep understanding of how important the fourth industrial revolution (4IR) and a digital economy can be for our country’s development. But security is the foundation and enabler of the 4IR and digital government and needs to be addressed first.

Critical infrastructure and government departments are under fire worldwide as cyber attackers target the most crucial systems for the largest payout. Power grids, ports, water and oil pipelines are being attacked, with IBM’s latest Cost of a Data Breach Report saying 28% of breaches in critical infrastructure were ransomware or destructive attacks, with average breach costs topping $5.4-million in cases where organisations do not have Zero Trust strategies.

In South Africa, a number of government-related entities and departments are among those to have come under attack, with one, high-profile incident disrupting operations for two weeks, causing up to R1-billion in losses.  

But while critical infrastructure attacks cause dramatic outages which make headlines, the attacks on critical systems within public sector departments – right down to local municipalities – can be equally damaging and disruptive for those affected. Earlier this month, an attack on a small, local municipality took down its systems, email and landlines for several days.

The public sector must not only maintain operational resilience; it must also protect and secure the personal and sensitive data of its citizens, reduce the risk of fraud and theft of public funds, and enable productivity and cost control as part of its cyber risk mitigation efforts.

As a preferred security supplier to the South African public sector, BCX has worked with many public sector agencies at local, regional and national levels to help them mitigate cyber risk. In our experience, public sector CIOs and CISOs are well aware of the growing cyber risks and are making every effort to protect their organisations. But they face a number of challenges as they do so.

A key issue is the legacy systems still widely in use in many public sector agencies. With some systems over 40 years old and no longer supported, these systems are potential entry points that make their entire ecosystems vulnerable. Departments are struggling to integrate those legacy systems and have limited visibility into them. These systems often also depend on manual processes, which open these departments to the additional risks of fraud and human error.

Security is also challenged by increasingly complex environments comprising multiple disparate security solutions, added over time to address various aspects of risk. Without strategic design, integration and visibility across the environment, these systems will not deliver optimal results and may even hamper risk mitigation.

Another challenge is the persistent cybersecurity skills shortage. Public sector departments, like their private sector counterparts, face an uphill struggle to recruit and retain the high-level cybersecurity skills needed to stay ahead of ever-changing cybercrime.

Many departments are also challenged in getting the very basics of cybersecurity right: they may have solutions that have not been upgraded to align with the latest acceptable standards, the devices in use might not be secure, and end users may not be up to date with cybercrime tactics and risks.

Tackling these challenges to mitigate risk requires a holistic approach, typically implemented in phases. As a systems integrator, we are well-positioned to implement end-to-end solutions that reduce risk in a comprehensive way. 

There is no silver bullet that will instantly protect organisations such as these. Developing effective solutions requires taking a consultative approach, where we understand their current level of maturity, use proactive assessments to expose vulnerabilities, address low-hanging exposure for quick wins and develop a sustainable plan to improve the organisation’s risk profile over time. 

Important measures to mitigate risk also include the introduction of Zero Trust strategies, monitoring and evaluation as well as the implementation of a Security Operations Centre.  

Article written by Sinamava Hina-Mvoko, Managing Executive Public Sector, BCX

Related articles

You may also be interested in

Headline

Never Miss A Story

Get our Weekly recap with the latest news, articles and resources.
Cookie policy

We use our own and third party cookies to allow us to understand how the site is used and to support our marketing campaigns.