South Africa’s public sector is a prime target for cyber criminals, thanks to its efforts to digitise public service, while lacking resources and skills to properly secure it.

This is the warning from KnowBe4 Africa, who’s recent ransomware survey in partnership with ITWeb found that the public sector was among those least prepared to mitigate or manage a ransomware attack.

The survey found that while 77% of respondents in the finance industry and 70% in the telecommunications sector were prepared for ransomware and cyber extortion attacks, only 34% in the government and education sectors said they were prepared.

Anna Collard, SVP of content strategy and evangelist at KnowBe4 Africa, says this is cause for concern, since the number of ransomware attacks on public sector and local governments is increasing worldwide. “SonicWall reported that in the first half of last year, ransomware attacks skyrocketed and government entities were facing more attacks than any other sector,” Collard says. “By November last year, consultancy CyberEdge said at least 68% of surveyed government organisations had been compromised by one or more cyber-attacks in the past 12 months.”

Collard says public sector organisations are prime targets partly because they often lack the resources to mitigate and manage attacks, but also because attacks on these entities impact so many people. “The impact can be huge, long-lasting and can affect society at large. Criminals know that the more leverage they have, the more likely they are to get a payout. The reality is that attacks on public sector organisations are still too lucrative for criminals to stop. According to Orange Cyberdefense Security Navigator report 2022, criminal syndicates find it easier to target and negotiate with victims where they understand their language and culture. It is difficult to negotiate and ‘do business’ with people whose culture you have no understanding of. Therefore, South Africa, with a westernised culture and English as a common business language, is an easy target. What makes the situation worse for South Africa is that our public sector is unprepared, and lacks the resources to mount a proper defence.”

Collard believes that South Africa needs better coordinated response teams and support from the private sector: “A problem we have in South Africa is a lack of national and communal responsibility. You may have good people sprinkled throughout the public sector, but there are not enough of them and many organisations do not know who to call when an attack does happen. In most cases, the army and police would not know what to do, and there is not enough alignment between departments.What may help is more voluntary industry working groups one could turn to when attacks happen; and more national and municipal Community Emergency Response Teams (CERTs),” she says.

“By building a rapid task force incorporating volunteers and/or national and municipal CERTs, local public sector organisations would be able to react quickly to major disasters and receive on-site assistance with the relevant IT systems. The primary objective should always be protecting the population from the effects of failures or restrictions on the critical infrastructure or its critical supply service.”

KnowBe4, in collaboration with Orange Cyberdefence, has prepared ransomware guidelines for the South African Cybersecurity Hub, to help public sector organisations better understand ransomware, mitigate risk and manage attacks.  “Government cyber resilience is crucial for everyone, and we need to help governments be better prepared,” she concludes.