Protecting essential services from cyberattacks

Mazen Dohaji, Vice President – iMETA, at LogRhythm explains how government entities can protect their operations and citizens from major data breaches.

Cybersecurity has become a key concern for federal agencies as threats evolve and infrastructure expands. As ransomware attacks rise globally, the public sector must upscale its approach in the fight to stay ahead of attackers.

Ransomware attacks are now one of the fastest-growing forms of cybercrime in the world. According to Statista, 68.5% of organizations have been victimized by ransomware this year. This is an increase from the previous three years and the highest figure reported so far. As a desirable target, government agencies are becoming ever more involved in prevailing cyberthreats.

The recent ransomware attack on the South African Justice Department is just one example of the growing threat landscape experienced by government entities. The breach resulted in all information systems being encrypted and unavailable to internal employees and members of the public. It affected all electronic services provided by the department, including the issuing of letters of authority, bail services, email, and the departmental website.

Earlier this year, another state-owned company, Transnet, revealed that it had suffered a disruption of its IT systems. It saw the rail, port, and pipeline company’s operations come to a near halt.

To mitigate future attacks and safeguard citizens, it’s imperative for government agencies to identify the most critical threats so that they can focus resources where they will have the most impact.

A Vulnerable Target
The justice system is highly dependent on a functioning IT system. With the COVID-19 lockdowns already impacting the flow of processes provided by departments, they cannot afford any further vulnerabilities.

As a result of the ransomware attack on the South African Justice Department, child maintenance payments have been delayed due to the departmental system not being accessible. Government shutdowns are extremely impactful and may give victims more reason to pay the ransom demanded by these criminals. More than just the information held in their databases is at risk; so is the trust of citizens who depend on the services they provide.

A shortage of the proper fundamentals needed to keep processes running smoothly and safely in these organizations lets a growing number of vulnerabilities slip through the cracks, allowing situations like this to arise.

Failure to invest enough in cybersecurity protections can heavily contribute towards governments being left in a vulnerable position when it comes to ransomware attacks. Governments in Africa and across the world must implement a resilient and adaptable security strategy that builds confidence and agency support to scale their threat detection and response.

Building a ‘Security-First’ Foundation
Cyber threats are constantly evolving, and after experiencing a series of attacks this year, government agencies in Africa must operate under the assumption that motivated threat actors can and will infiltrate their network environments. It is only a matter of time until the next attack is initiated.

Tackling the growing trend in ransomware attacks on government sectors involves going back to basics. This means assessing IT hygiene, access controls and endpoint protection.

The regular implementation of software updates and patching is fundamental in securing the strength of a government’s cybersecurity posture. Getting into the routine of performing system backups can also be a key differentiator in the face of ransomware attacks. This provides government entities with the safety net to be able to restore compromised systems and reduce recovery time.

Enabling an improved level of basic IT hygiene involves investing in regular staff training. As the rate of ransomware attacks on government entities increases, it is becoming more essential than ever that organizations ensure that attacks instigated by human error are reduced. Increased awareness of how threat actors operate could be a major factor in preventing a potential attack on government networks in Africa.

On top of reducing human error, government sectors can also deploy effective security technologies to lessen the risk posed by ransomware attacks. Security analytics tools provide analysis environments for forensic evaluations and attack reconstructions, allowing government security teams to study the attack methods that were used and the vulnerabilities that were exploited to breach their systems. Armed with this knowledge, government sectors in Africa can fortify weaknesses to prevent similar attacks.

Many African states are at a turning point in their journeys towards cyber maturity. When it comes to stopping threats like ransomware, seconds matter. Focusing on detecting and responding to threats empowers security teams to advance a government agency’s overall security posture and operations resiliency.

Protecting the Future of the Public Sector
Cybersecurity has been important in ensuring the continuity of services for decades, yet the rapid increase in ransomware attacks in the last year has quickly shifted its significance. To arm against inevitable future attacks, governments will have to make their security strategy a central focus in their operations.

The growing attack surface on the public sector demands a new, innovative approach from governments in Africa. With a solid strategy in place, government entities can eliminate blind spots across their agency network, giving complete visibility into IT and OT environments.