Countering cyber crime

In 2007, the Gauteng Provincial Government (GPG) was hit by a major computer virus infection that left them off-line for three weeks, with astronomical downtime costs. In 2012, the Post Bank lost R42-million over a public holiday and in 2014, cyber criminals attempted to steal R3.5-billion from Eskom and R800-million from the Gautrain. In total R70-million was stolen from the Gautrain, of which R30-million was never recovered.

“The big four banks lose billions on an annual basis due to cyber criminals, with internal employees and syndicates involved,” said Gauteng Security Operations Centre’s Ignatius Govender. “In the context of government, the statistics are massive and investigations revealed insufficient security patrols, poor patch management, no continuous monitoring or remediation taking place. This is what led to us establishing the Gauteng Security Operations Centre (GSOC).

“We leave work at 4pm and cyber criminals start work as we leave. Now we have a 24×7 Splunk-based system, built with government in mind.

“People are constantly watching, working shifts. We collect and analyse the logs from multiple systems, monitoring for incidents and sending an alert via telephone and SMS when a key targeted issue arises. On-site resolvers — who are IT analysts — are dispatched to fix incidents immediately, blocking and protecting systems. For example, if we see R2-million being transferred on a Sunday morning, we immediately raise the alert. Some systems should not be accessed over a weekend and the alert includes an IP address and location.”
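The kind of rule Govender describes can be sketched in a few lines of Python. This is an added example, not GSOC's Splunk configuration; the system names, threshold, internal address range and log lines are all constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Assumed policy values (not from the article).
RESTRICTED_ON_WEEKENDS = {"payments", "payroll"}
TRANSFER_THRESHOLD = 1_000_000  # rand
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample log: timestamp system user source_ip action amount
SAMPLE_LOGS = """\
2014-06-06T10:15:00 payments alice 10.1.4.20 transfer 25000
2014-06-08T06:42:00 payments svc_batch 203.0.113.45 transfer 2000000
2014-06-08T09:05:00 intranet bob 10.1.7.33 login 0
2014-06-07T23:10:00 payroll carol 198.51.100.7 login 0
2014-06-09T11:00:00 payments dave 10.1.4.21 transfer 1500000
"""

def parse(line):
    ts, system, user, ip, action, amount = line.split()
    return {"time": datetime.fromisoformat(ts), "system": system,
            "user": user, "ip": ip, "action": action, "amount": int(amount)}

def triggered_rules(event):
    """Return the names of the weekend rules this event violates."""
    rules = []
    if event["time"].weekday() < 5:        # Monday-Friday: nothing to flag
        return rules
    if event["system"] in RESTRICTED_ON_WEEKENDS:
        rules.append("weekend_access")
    if event["action"] == "transfer" and event["amount"] >= TRANSFER_THRESHOLD:
        rules.append("large_weekend_transfer")
    return rules

def detect(log_text):
    """Build one alert per offending event, with source IP and origin."""
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        event = parse(line)
        rules = triggered_rules(event)
        if rules:
            internal = ipaddress.ip_address(event["ip"]) in INTERNAL_NET
            alerts.append({"time": event["time"].isoformat(),
                           "system": event["system"], "user": event["user"],
                           "ip": event["ip"], "rules": rules,
                           "origin": "internal" if internal else "external"})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

The Monday transfer of R1.5-million passes because it falls inside working days; only the two weekend events on restricted systems raise alerts.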

According to Govender, if a malware infection on a system goes undetected, it can slow or bring down the whole network, and if someone has taken control over the internet through a command-and-control server, huge sums of money can be stolen.

“We still have malware issues through memory sticks being put into PCs by users. Portraying bad events on a per-user basis allows us to compare the departments to each other. This has become a key report target for them and the auditor general. The department of health has specific challenges: old X-ray machines, for example, cannot run Windows, but this department is moving in the right direction as new controls are put in.”

Dashboards have been set up for operational monitoring in each department, with data maps in the CIO’s office so he can drill down and investigate. “Even if there are 100 SQL servers in a department there is one view and if there is a problem, within five minutes an on-site resolver is dispatched,” said Govender. He also said that data has specific information personalities in each system and if the personalities change, something is wrong.

“If we understand the personality of information we can investigate and work together to find out what is going on. As more and more systems come online, you cannot afford to be blind.

“We have now found that people from the private sector, particularly banks, are coming to learn from what government has implemented and the more we migrate to digital, the more we need to ensure that information is secure and accessed by those with the authority to do so.”

Govender said sometimes IT security is taken for granted, but it is a point of entry for disease. “It becomes an Ebola. By the time you have the means to take action, it is too late. Take the matter of IT security very, very seriously and make it part of performance contracts.”

Rebecca Haynes
Guest Author
