MOSS GONDWE: What can the government do to limit cyber threats?

After a year that saw one of the most hotly contested local government elections in our young democracy, one thing is clear: citizens are increasingly dependent on the state for protection and essential services. With national elections only a few years away, government needs to urgently shift focus to addressing some of the broader challenges facing our country.

In SA, a slew of high-profile attacks on core public sector systems have made headlines and undermined the ability of the state to deliver vital services to citizens. If we don’t quickly take bold action to address the scourge of cybercrime, any present efforts to build a strong and resilient public sector could quickly and devastatingly come to nought.

Governments, organisations besieged by cyberattacks

The pandemic may be widely hailed as the greatest accelerator of digital transformation ever, but it has also been rocket fuel propelling the global cybercrime industry to unprecedented levels of activity.

As organisations and governments digitise core processes and introduce new digital channels for remote work, distance learning, e-commerce, customer service and more, threat actors have found a gold mine of opportunity to launch crippling attacks.

New research has laid bare the extent to which organisations and governments across the globe are besieged by cyberattacks.

Eighty percent of global organisations in Mimecast’s State of Ransomware Readiness report said they had been attacked by ransomware in the past two years. Larger enterprises — with more than 5,000 employees — were the target of nearly 10,000 such attacks on average, over a two-year period.

In its State of Email Security 2021 report Mimecast found that 57% of SA organisations saw the volume of phishing attacks with malicious links or attachments increase, while 49% saw an increase in impersonation fraud or business email compromise, and 47% experienced business disruption as a result of a ransomware attack.

Mimecast’s threat hunting team also recently uncovered a scam involving postal services across at least 26 countries, including SA. A group of threat actors are using trusted postal services brands to trick consumers into sharing private and financial information, employing phishing emails and spoofed web pages.

What can governments do to protect against this growing scourge? The World Economic Forum (WEF) points to three key ways governments can protect against cyberattacks: by adjusting national cybersecurity policy frameworks, improving international co-operation, and conducting ongoing education initiatives to increase cybersecurity awareness.

Policy responses to cyber threats

Governments around the world are taking steps to combat the extreme risks posed by the global cybercrime industry. In 2021 the US justice department elevated the investigation of ransomware attacks to a similar priority level as terrorism after attackers successfully disrupted key national infrastructure, including Colonial Pipeline, which crippled the supply of fuel to the country’s East Coast.

Australia recently announced a new national plan to combat ransomware attacks, including increased penalties for those found guilty of perpetrating such attacks, and greater power for policing agencies to investigate and prosecute ransomware criminals. There’s also mandatory reporting of ransomware for businesses with a turnover of more than $10m per year.

Germany has adopted its Cyber Security Strategy 2021, which sets out the country’s response to ransomware and other cyberattack types for the next five years.

In the UAE, a National Cybersecurity Strategy was launched in 2019 with the aim of creating a safe and strong cyber infrastructure that keeps citizens and businesses safe. The establishment of a Cybersecurity Council headed up by the head of UAE Cybersecurity aims to strengthen the country’s capacity and improve response times and co-ordination against potential attacks. It comes in the wake of a 250% increase in cybersecurity incidents in that country.

SA has responded with the Cybercrimes Act, which creates new offences related to cybercrime and hands the police service and National Prosecuting Authority additional powers to investigate ransomware attacks, cyber forgery, extortion, and the unlawful interception of data.

The act came into law on December 1, although some of its sections are not yet in force. The hope is that law enforcement and prosecutorial authorities now have much-needed support in the fight against cybercrime and can more effectively investigate and prosecute cybercriminals.

Co-operation and awareness vital in fight against cybercrime

The World Economic Forum advises that governments need to formalise cyber-related information sharing and co-operation to unify the response to cyberattacks. Governments will need to work through structures such as the AU, European Parliament and other global bodies to ensure data and information about attacks and threat actors are shared.

Private companies, especially those operating in the cybersecurity industry, have a critical role to play too. Cybersecurity providers operating across multiple markets have highly valuable intel on attack types, new risks and threats, and threat actors that can inform government policies and responses.

In addition, a concerted national awareness campaign that informs citizens and small businesses of common and emerging cyber threats must be implemented with urgency. Such a campaign could follow the template of government’s response to the Covid-19 pandemic by providing regular communication about cyber risks and steps citizens can take to protect themselves.

Another example of a successful awareness campaign was the one around Cape Town’s water crisis in 2017-2018, where citizens were urged to save water to avoid “Day Zero”. Citizens could similarly be warned about cyber threats and the effects they might have on them personally.

A consumer-friendly information campaign could also follow the example of the “Zap It In The Zibi Can” anti-litter campaigns of the 1980s. This turned a mundane activity — putting trash in the can — into something that was fun, memorable and relatable to a broad swathe of the population.

Whatever form this takes, it is vital that national government takes bold steps to protect critical infrastructure, businesses and citizens from ruthless cybercriminals. Not doing so could expose the country to immense risk and undo much of the good work being done to rebuild our economy.

• Gondwe is public-sector director at Mimecast.