In an effort to help government departments and agencies mitigate the risk of being affected by ransomware attacks, the Department of Public Service and Administration (DPSA) recently issued a circular with action-oriented cybersecurity strategies.
The Department’s Director-General, Ms Yoliswa Makhasi, said that in recent months cybersecurity incidents have been on the rise, with ransomware attacks against government departments causing significant service delivery interruptions and bringing service delivery at service points to a standstill.
“The purpose of the circular is to provide the necessary measures that departments must urgently implement to mitigate the risks associated with the continuous cybersecurity attacks to public sector institutions.
“These attacks pose significant risk to the ongoing operations of government and ultimately to government’s ability to protect its data and deliver services.
“Those that seek to exploit the vulnerabilities within government Information Technology (IT) systems will surely be looking at the recent cybersecurity incidents with a view of expanding their nefarious activities. It is, therefore, imperative that government responds quickly and in a coordinated manner to secure its IT systems and data,” said DG Makhasi.
Implementation of the circular
Ms Makhasi said Heads of Department are requested to ensure that the following measures are implemented by the Government Information Technology Officers (GITOs):
- All departmental IT systems and data are backed up regularly. The frequency of data backups must be determined by the sensitivity and criticality of the IT system and the data;
- The department email system has a functioning and up-to-date anti-spam component installed;
- All department firewalls are active and have the latest operating system and application security patches installed;
- All firewall rule bases are checked for suspicious and high-risk rules;
- All servers and End-user Devices (desktops and laptops) have an antivirus software programme that is installed and functioning and that has an up-to-date antivirus signature;
- All Servers and End-user Devices (desktops and laptops) have the latest operating system and application software security patches;
- All externally accessible ICT systems have security hardening protocols applied to them (Web servers);
- Web Application Protection (WAF) is installed and functioning on all external facing Departmental Web Servers;
- Web Content Filtering (Proxy) is installed and functioning;
- Endpoint Encryption is installed and functioning;
- An Intrusion Detection and Prevention system (IDS/IPS) is installed and functioning at critical or sensitive areas within the department’s network;
- Regular vulnerability assessments are conducted; and
- All users are immediately made aware of cybersecurity threats and this must be followed up by continuous cybersecurity awareness messaging.