South Africa’s public sector has emerged as a prime target for cybercriminals following a spate of cyber-attacks on state-owned enterprises (SOEs) and government institutions.
Cybersecurity specialists at ESET Southern Africa, say more robust security measures and greater awareness among public sector workers are needed to help close the gaps in cybersecurity.
One of the most significant issues in the public sector is the lack of comprehensive security management. The public sector, and municipalities in particular, remain one of the most unmanaged environments when it comes to cybersecurity.
Although most entities have basic antivirus systems in place, these solutions are inadequate for the scale and complexity of their operations and often miss other critical elements which are necessary for an overarching cybersecurity strategy.
This lack of tailored cybersecurity solutions leaves public sector entities vulnerable to a broad range of threats, which are increasingly complex and sophisticated. From ransomware attacks to data breaches, the consequences of cyber-attacks in within the public sector can be devastating.
The financial and operational impact of cybercrime
The financial toll of cybercrime on South Africa’s public sector is staggering. The Department of Public Works and Infrastructure recently reported that R24 million was stolen in a cyber-attack in May 2024, adding to the R300-million stolen over the past decade.
Such incidents are not isolated: the Council for Scientific and Industrial Research estimates that cybercrime costs the South African economy up to R2,2-billion annually.
Beyond financial losses, the operational impact can be just as severe. The 2021 attack on Transnet’s ports caused widespread disruption to critical import and export activities. These incidents don’t just affect the targeted entity. They have far-reaching consequences that can disrupt entire supply chains.
Policy and governance
In response to the growing threat, the South African government has introduced the Directive on Public Service Information Security. Issued under the Public Service Act, 1994, this directive provides much-needed guidance on information security governance for national and provincial departments. However, more needs to be done to enforce these policies and ensure compliance across the public sector.
There’s a need for stronger governance and accountability. Public sector entities should have dedicated security teams, including Security Managers and Chief Security Officers, who can oversee the implementation of cybersecurity measures and ensure that systems are regularly audited for vulnerabilities.
Stealth and sophistication
One of the most concerning aspects of modern cyber-attacks is the ability of hackers to remain undetected within systems for extended periods and use sophisticated tactics to get employees to unwittingly release company payments into the wrong hands.
Hackers can lay dormant in a network for up to 298 days. During this time, they can collect passwords, banking information, and other sensitive data, only to strike when the moment is right.
There are other examples where hackers duplicate the mailbox of a director, convincing personnel to make unauthorised purchases. These relatively low-level breaches can quickly escalate into major financial losses and operational disruptions.
Proactive versus reactive cybersecurity
A proactive defence strategy is extremely important for public sector organisations to stay a step ahead of cyber criminals. This includes implementing advanced technical solutions while fostering a culture of security awareness among employees. Moving away from a reactive mindset towards a more proactive, preventative approach is a step in the right direction.
Cybersecurity is not a one-time solution; rather, it’s an ongoing process that requires vigilance, adaptation, and a willingness to invest in both people and technology.