My Biz

Submit content

My Account


Cybersecurity News South Africa

R300m DPWI cyber theft the latest signs of failing state IT infrastructure

In light of a major cybercrime theft at the Department of Public Works and Infrastructure, South Africa's cybersecurity vulnerabilities have become a pressing issue. Over the past decade, at least R300m has been stolen, with a recent cyberattack in May 2024 resulting in an additional R24m being siphoned off. This has prompted a comprehensive forensic investigation involving multiple agencies and cybersecurity experts.
Dean Macpherson was quick to take the country into his confidence on the cyber breach
Dean Macpherson was quick to take the country into his confidence on the cyber breach

Dean Macpherson, the Minister of Public Works and Infrastructure, has expressed a firm stance against corruption and emphasised the need for better financial controls.

“It is unthinkable that this has gone on for so long without being noticed,” said Macpherson.

He highlighted the introduction of an advanced forensic probe to identify those involved in the mismanagement and stressed the urgency of stopping unchecked looting to improve the lives of South Africans through better infrastructure.

Rising cyber threats

The broader context of South Africa's cybersecurity landscape reveals significant challenges. The country has seen a dramatic increase in cybercrime, with ransomware attacks and business email compromises becoming more frequent.

According to the South African Council for Scientific and Industrial Research (CSIR), South Africa is the eighth most targeted country globally for ransomware attacks.

Cybersecurity analyst Simnikiwe Mzekandaba warns, "The forecast is bleak if current trends continue. Without immediate and robust measures, we can expect cybercrime incidents to rise further, exacerbating economic and social instability."

High-profile incidents

In 2019, Johannesburg’s electricity utility, City Power, faced a ransomware attack that disrupted power supplies.

Life Healthcare Group, South Africa’s second-largest private hospital, was attacked in 2020, affecting its admissions and processing systems.

More recently, in August 2023, the South African National Defence Force (SANDF) experienced a significant data breach, exposing highly classified information.

Government's response

The South African government has developed the National Cybersecurity Policy Framework (NCPF) to coordinate and implement cybersecurity measures.

However, the State Security Agency (SSA), tasked with overseeing these efforts, has been criticised for being under resourced and underdeveloped.

In 2015, the government approved the creation of a military Cyber Command, but due to deprioritised defence spending, the command remains inadequately funded and equipped.

The State Information Technology Agency (SITA), responsible for providing IT services to government departments and ensuring the security of government information systems, plays a crucial role in the cybersecurity strategy.

However, SITA has struggled with resource constraints and prioritisation issues. The current turmoil within SITA’s leadership, as former board members fight for reinstatement, further complicates the situation.

Canary in the coal mine

Dr Russell Buchan, co-author of a recent report on South Africa's cyber strategy, emphasised the urgent need for a comprehensive approach.

“South Africa must prioritise cybersecurity at the highest levels of government and invest in developing both defensive and offensive capabilities.”

The current state of affairs leaves critical infrastructure and sensitive data alarmingly exposed

In response to the Public Works theft, the department has suspended four officials and seized 30 laptops for investigation.

The vulnerabilities identified include weak ICT infrastructure, lack of staff capacity, and susceptibility to cybercrime. The ministry is implementing immediate measures to strengthen financial controls and enhance ICT security systems.

Looking ahead

The report by Buchan and Devanny calls for increased funding for cyber defence, improved cyber hygiene practices across public and private sectors, and enhanced international cooperation to combat cybercrime effectively.

As South Africa addresses its cybersecurity vulnerabilities, the focus must remain on protecting the nation's digital infrastructure and preventing further economic and social disruption.

New minister of Communications and Digital Technologies, Solomon Malatsi has yet to release a statement regarding the situation.

About Lindsey Schutters

Lindsey is the editor for ICT, Construction&Engineering and Energy&Mining at Bizcommunity
Let's do Biz