The public sector is becoming an increasingly attractive target for cybercriminals everywhere, according to the latest report from KnowBe4. It showed that cyberattacks in the public sector have seen a sharp rise. This is worrying as government agencies and public sector services retain personal data on the vast majority of people. This feature explores the outcomes of this report and also zooms in on the challenges faced in Sub Saharan Africa.
KnowBe4, a provider of security awareness training and a simulated phishing platform, released its report on the most popular and prolific cybercrimes of 2023 with a focus on the public sector. The report examines cybercrime trends, statistics and real life examples on a global scale as well as breaking it down by specific countries and regions, while providing possible defences to safeguard against it.
The public sector is becoming an increasingly attractive target for cybercriminals everywhere. This comes as no surprise as government agencies and public sector services retain personal data on the vast majority of people, information that is invaluable to cybercriminals.
The report is packed with startling facts and statistics highlighting the sharp rise in cyberattacks in this sector. Some of these include:
● Cyberattacks against government agencies and public sector services increased by 40% in the second quarter of 2023 compared to the first
● Government agencies and law practices experienced the largest spike in ransomware attacks at 95% in quarter three of 2023
● Global ransomware attacks were up by 95% in the third quarter of 2023 when compared to the same period in 2022
● The cost of a data breach increased by 15% over three years
● Generative AI is increasingly being adopted by cybercriminals to create sophisticated social engineering attacks
In our current digital era, common and constantly updated tactics of social engineering such as phishing, vishing, spear phishing and smishing continue to be the most popular and effective tactics used by cybercriminals to gain access to systems and initiate their attacks. There is a critical need to strengthen the human aspect of cybersecurity within organisations through comprehensive security awareness training. It is an undeniable fact that employees, the last line of defence, can inadvertently become the weakest link in the security chain.
“Through proper training initiatives, this cost-effective and straightforward approach can effectively counteract social engineering tactics,” said Stu Sjouwerman, CEO, KnowBe4. “However, as the sophistication of attacks designed to exploit the human factor increases, the continuous reinforcement of a strong security culture is an indispensable tool for enduring digital defense and operational continuity.”
Some of the biggest challenges are the lack of priority by governments, a relatively low level of general cyberawareness as well as a lack of IT and cybersecurity skills. 2023 has been a difficult year for Sub Saharan Africa’s economy. With growth slowing to 3.3% from 4% in 2022, the region is faced with some of the most daunting challenges in the world such as limited resources, urgent humanitarian and development needs, energy crises, poverty and high youth unemployment rates. These challenges may explain a lesser focus on perceived non-business critical tasks such as cybersecurity culture.
However, this deprioritisation needs to change urgently if Africa wants to participate in the global digital economy. Cyber extortionists are looking for leverage. The more impact or damage they can cause and the more pressure can be applied on a victim’s organisation, the more ransom can be demanded and the more success they have in getting this ransom paid out.
Anna Collard, Evangelist at KnowBe4 Africa, said: “We’ve conducted multiple surveys over the course of the last three years about South Africa’s preparedness to deal with emerging threats as well as existing cyberattacks, particularly around cyber extortion and ransomware. In these surveys, the public sector, as well as construction and education sectors, have consistently scored very low in both general cybersecurity culture and cyber-resilience when compared to our financial and banking sectors. This is concerning, as threats to South Africa’s critical infrastructure can have a detrimental impact on our economy and our society at large.
“As we have already experienced by the multiple attacks against South Africa’s Department of Justice, with the most recent one in October 2023 that impacted payouts to those that need it most. Other examples include poor security at South Africa’s Postbank that resulted in R150 million being siphoned off, as well as the ransomware attack against Transnet in 2021 resulting in severe disruptions of operations at South African ports.”
The blatant vulnerabilities within South Africa’s public sector organisations, a lack of budget, adequate resources and skills shortage coupled with the fact that disruptions in this sector can have significant impact not just on the economy but to the society at large makes this a highly attractive target.
The South African Council for Scientific and Industrial Research (CSIR) expects an increase in cyberattacks on government departments and critical infrastructure, impacting private sector organisations, societies and countries’ economies alike.
The majority of African organisations are embracing emerging technologies and embedding it into their day-to-day operations. At the same time, not enough is being done yet to regulate the use thereof or educate users on risks such as disinformation, security and privacy, ethical concerns such as bias, inaccuracies and impact on critical thinking.
These are challenges that need to be addressed by a combination of regulation, guidelines and awareness training. Special attention should be given to threats posed to society through malicious use of new technologies such as deepfakes, especially when used for political manipulation. Major elections in South Africa and other areas of the continent in 2024 will drive the need for education campaigns. More public and private partnerships are required to assist our public sector organisations to build capacity, address the skills shortage and become more resilient in this ever-growing digital world.