A Companies and Intellectual Property Commission (CIPC) spokesman has denied that it shut down its systems overnight on Wednesday because of last week’s breach in which sensitive customer and employee data was compromised.
The shutdown, described in a Wednesday statement by the CIPC as “urgent”, was scheduled between 2pm on Wednesday, 6 March and 8am on Thursday, 7 March, and led to the shutting down of CPIC online and call centre services as well as service centres in Cape Town, Johannesburg, Pretoria and Durban.
The CIPC, which falls under the department of trade, industry & competition, is responsible for maintaining the country’s business and intellectual property registrations. As such, it is a key cog in South Africa’s economy.
“This was routine maintenance and in no way related to last week’s data breach,” Lungile Dukwana, chief of strategy at the CIPC, told TechCentral on Thursday.
As of Thursday morning, users attempting to log into the CIPC portal were being forced to reset their passwords, including setting up multifactor authentication. However, users were still not able to access any of the portal’s functionality because the authentication system required use of systems operated by the department of home affairs, which were down on Thursday.
Meanwhile, dark web monitoring by cybersecurity company NEC XON noted that 140 credentials directly related to the CIPC hack were for sale on Wednesday morning.
According to a report by consumer technology site MyBroadband, the hacker group claiming credit for the CIPC attack used an exploit identical to one they used to breach the very same systems three years ago.
‘Reckless’
“They tried to cover their tracks when we pointed out the basic security holes. They are reckless with sensitive info,” the anonymous group told the publication. “This incompetence extended to them processing and storing credit cards in the clear.”
This is called “neutralisation”, said Anna Collard, security expert at KnowBe4 Africa. “From a psychological perspective, criminals still think they are good people, so they use neutralisation arguments to say the victim is at fault, in this case highlighting the CIPC’s incompetence, to justify their actions.”
According to Collard, some of the other things the hacker group is reported to have said, like how they will not sell CIPC customer data because they are after “the big guys”, are also neutralisation strategies designed to fool the public into seeing them in a positive light.
Read: Quantum computing will spark ‘cybersecurity Armageddon’
Collard warned that making the CIPC the enemy might make the public forget it is their privacy that the hacker group invaded.
“South Africans are very quick to blame the victim. Yes, they (the CIPC) made mistakes. But these hackers are still the criminals. This could have happened to anyone, so the question is what can be done going forward? We are always quick to blame government for being incompetent, but we do have to work together to solve this problem,” she said.
A big problem, particularly in government, is a lack of cybersecurity skills, compromising the ability to fend off attackers. According to a recent report by antivirus and cybersecurity firm Kapersky, it takes at least six months to fill the average cybersecurity vacancy and a year or more to hire for senior positions.
Read: CIPC hack: customers urged to change passwords
Since the data held by the CIPC affects both business and government alike, Collard believes that it is only through partnership that the threat can be managed effectively.
“We are all in this together. Business and government must find a way bridge the gap, and that means developing a pipeline for talent to be developed by opening internship opportunities for young people to gain experience.” — © 2024 NewsCentral Media