Cybercriminals have stolen at least R300 million from South African taxpayers over the past ten years thanks to security flaws at the Department of Public Works and Infrastructure.
I am just dumbstruck over this, and can only quote the Minister’s own words here: “The minister said it was unthinkable that this had gone on for so long without being noticed”.
When is South Africa going to take cybersecurity seriously with government? Despite the Cybersecurity Hub , a National Cybersecurity Policy Framework (NCPF), etc, we see posts and a website, but very little in the way of actual preventative actions. The country has been embarrassed by more than one department denying they’ve been hacked at all, only to find out a week later after the data is leaked, that the department had no clue what they were talking about.
I’ve actually tried contacting the Cybersecurity Hub using their PGP encrypted e-mail to get suggestions on bolstering a government website I assisted in maintaining, but never got any response from them at all. I think at one stage their mailbox was also full.
Cybersecurity is not just about financial loss, or exposing citizen’s private data, but also about protecting the very sovereignty of the country. Intrusions today can also expose backend systems and even state or military secrets.
I’m really not sure these types of expertise actually exist within the departments themselves, as they are firstly highly specialised, but are also evolving daily.
See https://mybroadband.co.za/news/security/543863-r300-million-stolen-in-massive-cyber-heist.html