+
EDITOR’S QUESTION
THOMAS MANGWIRO,
PUBLIC SECTOR SECURITY
SPECIALIST AT MIMECAST
M
ilitary risks immediately spring
to mind. A recent report found
that even the Pentagon’s
latest advanced military systems are
vulnerable and can be ‘easily hacked’. The
consequences for citizens of rogue military
assets is unthinkable. But that fear is not
reserved for fighter jets and frigates – the
hacking of a nation’s tax collection system,
for example, would have a crippling effect
on the economy, global investor confidence,
disbursement of social and public services,
and citizen trust in government institutions. improved cybersecurity awareness
and information sharing across
the South African public and
private sectors. And Defence
Minister Nosiviwe Mapisa-
Nqakula’s recent commitment to
collaborate with other countries
to effectively deal with the
challenge of modern cybersecurity
is a timely acknowledgement
that South Africa is as vulnerable
to cyberthreats as its more
developed peers.
South African cyber resilience in
the spotlight I would argue that Minister
Mapisa-Nqakula and her
colleagues should prioritise cyber
resilience within the public sector
as a first line of cyber defence.
Cyber resilience refers to an
organisation’s ability to continue
to operate or deliver services
despite adverse cyber events. And
its first port of call in this regard
should be greater awareness
among its hundreds of thousands
of employees regarding the
different types of cybersecurity
threats, how to spot them, and
how to prevent them.
A succession of high-profile government
data breaches both locally and abroad
has cast a stark light on the importance
of effective public sector cybersecurity
policies and protections. Without fully
functional public institutions such as
revenue collection, freight handling, military
defence and social grant disbursement,
governments will find it hard to instil
confidence among its various stakeholders,
and service delivery to citizens, businesses
and public institutions will be impeded.
The rise of the smart city – a catch-all phrase
for cities that utilise emerging technologies
such as IoT to improve service delivery and
enhance the citizen experience – further
complicates matters. With the digitisation of
government in full swing, any exploitation of
cybersecurity vulnerabilities of the operational
technologies that power our electricity
generation or freight handling capabilities
could cripple essential government services
and leave millions without much-needed
public or social services.
The South African government has taken
note. The Cybersecurity Hub established by
the Department of Telecommunications
and Postal Services is a positive step toward
www.intelligentcio.com
Action plan for improved
cybersecurity awareness
Awareness training, a process of ensuring
employees have the knowledge and insight
to identify potential cyberthreats, is an
indispensable part of any effective cyber
defence strategy. But government should
look beyond defence-only cybersecurity to
a cyber resilience strategy built on three
key principles: ensuring the correct security
measures are in place prior to an attack;
implementing a durability plan to keep email
and business operations running during an
attack; and ensuring they have the ability to
recover data and critical IP after an attack.
///////////////////
According to a Google Consumer Research
report commissioned by Mimecast, nearly
one in four employees aren’t even aware
of the most basic cyberthreats to their
organisation, including phishing and
ransomware. Imagine the dire consequences
of a successful ransomware attack on a
government department providing medical
services to vulnerable citizens.
Public sector employees are government’s
most valuable assets in the fight against
cyberthreats. But without proper awareness
and training, they will remain ill-equipped
to deal with the growing complexity of
modern cyberthreats – with potentially
devastating consequences for our citizens,
country and democracy.
INTELLIGENTCIO
25