Fri, 17 Jan 2025
22.7 C
Durban

Why government needs to take ransomware seriously

Home Business Management Disaster Management Why government needs to take ransomware seriously

WITH October marking International Cybersecurity Awareness Month, Chris Buchanan, Client Solutions Director Dell Technologies South Africa argues that government needs to take cyber threats a lot more seriously.

Cyberattacks and disruptive events are on the eise, affecting 82% of organisations surveyed in the Dell Technologies Global Data Protection Index 2020 Snapshot. These organisations included both public and private organisations.

National and local government leaders need to take these issues seriously. While organisations across sub-Saharan Africa are increasingly leveraging multiple cloud deployments to achieve digital transformation, data could be at risk and the need for a clear and defined cybersecurity strategy becomes clear.

Ultimately data is the target in ransomware attacks. According to a study conducted by World Wide Worx, titled “Cloud in Africa 2020”, respondents were asked about the main security concerns they perceived to exist in cloud technology.

Nearly two thirds (63%) of respondents reported data security and the possibility of a data breach to be the main concern.

An investment in the right technology and careful execution of cyber procedures will immediately transform the security posture of national and local government bodies. The timing of an attack is hard to pre-empt, so government needs to be prepared should this happen.

Develop a cyber playbook

Like agencies that have preparedness plans to protect and respond to natural disasters, cybersecurity teams also need to plan in advance for cyber incidents, this should include the development of playbooks with varying scenarios. Flexibility matters because as an organisation’s goals change, so do the risks.

Train, train and train again

Having government institutions in place and on high alert doesn’t ensure citizen data will be protected. One important scenario to consider is when data or a system becomes unavailable or corrupted. This is where developing a system backup plan comes in, to know how long an organisation can operate through an outage, and how to transition to paper logs if necessary.

Security teams should always utilise opportunities for continual training. When a new member joins the team, use the onboarding process to reintroduce exercises and best practices to the whole team.

Leaders should also leverage creative methods—including team events and gaming-based training, such as capture the flag and software that simulates attacks—to facilitate greater participation and learning.

These scenarios should include best-case and worst-case outcomes of an attack. Awareness training is also key for teams to be able to identify and respond correctly to suspicious activity within networks.

Audit (and supplement) personnel

Cyber leaders should continually audit organisational roles to determine specific strengths and weaknesses within their teams to assess their stance on risk management.

The need for cyber talent is clear – The lack of cyber personnel and resources are undeniable globally and South Africa often loses skilled cybersecurity professionals to other global players, just making the gap bigger.

A successful way to bridge this gap is through a hybrid managed service model, which includes a combination of civil servants and support agreements with private sector companies that help augment resources to respond quickly in the face of cyber incidents.

Proper cyber hygiene

Cyber hygiene isn’t a one-off exercise or something that is observed during International Cybersecurity Awareness Month, once a year in October — It’s a consistent mindset that encompasses all parts of our life and a continual journey.

As governments reinvent the ways they operate and interface with constituents, they must also empower employees through a workforce transformation to meet the growing security expectations of the 21st century. This needs to be a year-round effort, with substantial, calculated investments in employees through awareness campaigns.

Cyber hygiene and culture begin at home. It’s important government organisations and employees educate using phishing exercises and cyber literacy, helping understand the possible negative consequences both at home and in the workplace.

Invest in infrastructure with built-in security

Government organisations struggle to protect the numerous endpoints that fall outside of the traditional security reach of the organisation. As the number of tools and cloud-based systems increases, the volume of generated data also rises, expanding IT infrastructure beyond data centres, making it harder to protect against threats.

It’s vital then for governments to invest in a secure, flexible infrastructure from the beginning, extending from edge to core to cloud. Doing so will allow them to focus on continually improving citizen experience without having to worry about the disruption of layering security on top.

The road ahead

An investment in a comprehensive security approach saves invaluable time and resources, but also preserves public trust. For example, if citizens can’t trust an online portal to conduct business with the government, they may all show up in person, disrupting service and organisational processes, or perhaps worse, their needs may go unmet.

Fighting ransomware is an iterative process that measures progress. Government bodies should tailor these efforts to make the most significant impact within organisation and meet with their business peers to re-assess risk and adjust the course of the cybersecurity program accordingly. – GeekWire.co.za

Most Popular

Maximum compatibility and safety from new connections

WITH the new, optimised Nexus Connect flare connection, the Ingelfingen-based technology company Gemü is now introducing an innovative flare connection for its CleanStar and...

Powered grease gun a leap in lubrication innovation

SKF has launched its innovative TLGB 21 battery-driven grease gun that optimises lubrication efficiency and reduces costs by seamlessly combining advanced technology with a...

Donated tow tractor keeps Eastern Cape air ambulances flying

TO help save lives in the Gqeberha region of the Eastern Cape, the team at Toyota Material Handling, a division of CFAO Equipment, donated...

Real-time belt rip detection saves costs, reduces downtime and prevents injury

BECKER Mining has launched the newly developed BRS4.0 belt rip detection system, with advanced features for greater durability, higher efficiency and improved safety. Typical...