By Carlo Bolzonello, country lead for Trellix in South Africa
There’s been a substantial increase in the number of cyber security incidents that have compromised critical and state infrastructure in South Africa in recent months, ranging from the cyber attacks that compromised the country’s ports in 2021 to fires in Parliament and attacks on critical communications technology.
As cyber criminals adapt and evolve as quickly as technology develops, the only certainty is that they will proliferate in numbers, and their crimes will be ever more imaginative and destructive, striking at the hearts of national digital assets and holding government and related stakeholders to ransom – either specifically or through other types of cyberattacks.
The Critical Infrastructure Act 8 of 2019 recognises that certain infrastructure is critical for public safety, national security, and the continuous provision of basic public services. The Cybercrimes Act 19 of 2020 also sets out to define offences relating to cybercrime, including criminalising the disclosure of data and regulating powers and jurisdiction to investigate and prosecute cybercrimes.
Having legislation in place is a great start, but the cybercrime landscape changes rapidly, and even though countries all over the world have similar legislation in place, there have been very few test cases that define just where the boundaries of jurisdiction and sovereignty lie. This lack of clarity about who can investigate what, where, and in whose jurisdiction means that very few international cyber criminals are investigated, traced and prosecuted.
In a world where there’s a new or more sophisticated cyber threat every minute, South Africa’s state infrastructure is particularly vulnerable to attack. As an example, imagine the devastation if the country were to fall prey to an attack like last year’s Colonial Pipeline incident. What would happen if the country’s sole electricity utility were to be compromised – or if its sole airports company could not communicate with aircraft in the sky or on the ground?
That’s why countries like South Africa need to do everything they can to prevent cyberattacks. A holistic, integrated security ecosystem and a cloud-first approach that allows all security products to work in unison is how they can stay one step ahead of adversaries, by harnessing the power of machine learning and automation to unlock insights and streamline workflows.
What South Africa does need, perhaps, is a public-private partnership where government welcomes cyber security providers into a collaborative environment, to find ways to solve these challenges together. South Africa cannot succeed in its fourth industrial revolution journey without secure digital environments – but it will require investment from everyone involved to first protect the state’s digital assets.
Much of government’s technology and infrastructure is old, which inhibits the implementation of future-proof cybersecurity platforms. Government needs to invest in a strategic blueprint of technology acquisitions and deployment to provide a ten-year road map of where we’re going, so that decisions can be made to support and secure that technology.
That’s why an extended detection and response approach to security, one that uses machine learning and automation to complement human skills, protects private and public sector environments, helping them adapt, stay agile, and respond to active threats through dynamic prevention policies.