Avatar photo

By Hein Kaiser

Journalist


CYBER ATTACKS: Why SA government has a data security crisis

Home affairs minister shocked at The Citizen showing him why his department – and online clickers – are easy prey for hackers.


Amid The Citizen’s investigations into vulnerabilities in the Home Affairs data system, Minister Leon Schreiber said his department can do much to improve its cyber security.

Schreiber said at its heart, home affairs is an IT department because essentially it warehouses data.

“Sadly, its IT infrastructure has degenerated over many years, impacting severely on service delivery and, based on the alleged incident The Citizen refers to, on information security.

“There is no doubt that home affairs has the responsibility to do much more to repair these vulnerabilities,” Schreiber said.

However, to make things much worse, home affairs’ efforts to undertake digital transformation are being undertaken with one hand tied behind its back.

ALSO READ: Govt can’t keep you safe: IT vulnerabilities could collapse SA in 3 days

Sita to blame?

In the home affairs department – and across government – SA is being held hostage by an artificial monopoly that few people have heard of: the State Information Technology Agency (Sita).

Sita has a regulated monopoly over IT in the state, which severely undermines the ability of departments like home affairs to exploit opportunities or fix the IT problems SA faces, including security, but also extending to aspects like system downtime at offices.

“As a result of the Sita monopoly,” Schreiber said, “when things go wrong with IT in departments like home affairs, those same departments are not fully empowered to fix the problem. It is a Kafkaesque Catch-22.”

ALSO READ: CYBER ATTACKS: ‘Open’ home affairs systems could spark large-scale identity theft

Schreiber said despite challenges, home affairs is committed to improving security and service delivery through digital transformation. This includes hiring additional expertise, filling key vacancies, and fostering a digital-first culture.

However, he highlighted the need for collective government action to address systemic IT issues, calling for an end to the Sita monopoly, which he deemed outdated and ineffective, to enable departments like home affairs to deliver the secure, world-class digital services South Africans deserve.

ALSO READ: CYBER ATTACKS: A history of hacks show data breaches are ‘taken too lightly in SA’

Identity theft possible

Organised crime expert Chad Thomas from IRS Forensic Investigations said a concern of a data breach would be identity theft.

“We have seen an uptick in identity theft where organised crime syndicates have stolen peoples’ identities for the express purposes of committing fraud or even opening mule bank accounts for the purposes of money laundering,” he said.

There is also the risk of using a South African citizen’s identity to wed a foreigner and expedite the residency process without that South African even knowing their identity was used.

ALSO READ: Data breaches cost SA organisations over R360m in 3 years

“Then there’s the added crime of insurance fraud where death certificates are generated for life insurance or funeral policies where, in some instances, the person may not be dead, or in some a synthetic identity is created.

“At the heart of this problem lies a symbiotic relationship between organised crime syndicates and complicit home affairs employees, made all the easier if the database security is compromised”, Thomas said.

Wayne Duvenage of the Organisation Undoing Tax Abuse said the government has not been extremely diligent when it comes to paying attention to data security and risks associated with cybercrime.

“Government systems contain vast amounts of personal information which needs to be protected with highest cyber security processes possible, yet this does not appear to be the case.

“Just as government applies laws and regulations for companies to protect personal information, they are expected to do the same and yet they fall foul of these strict requirements,” he said.

Read more on these topics

Cybercrime Home Affairs Leon Schreiber technology

For more news your way

Download our app and read this and other great stories on the move. Available for Android and iOS.