State pension fund administrator staves off cyberattack

The Government Employees Pension Fund (GEPF) is in the process of restoring communications systems at the Government Pensions Administration Agency (GPAA) following an attempted hack that forced a systemwide shutdown last Friday.

According to a notice posted on the GEPF website last week, the shutdown affected its regional offices, call centres and other service points, making it impossible for clients to get help regarding their pension administration queries.

“The GPAA has since established that the fund’s information communication system experienced an attempt to gain unauthorised access to GEPF systems. As part of their security measures, the GPAA shut down all systems to isolate affected areas and prevent any breaches,” said the GEPF in a statement.

The uptick in the frequency of cyberattacks on public institutions in recent years is a cause for concern. In 2021, a suspected ransomware attack at Transnet forced the state-owned logistics operator to declare force majeure – a contractual clause that removes liability from a business due to unforeseeable and unavoidable catastrophes derailing operations. Transnet’s Cape Town, Durban, Ngqura and Gqebehra ports all came to a standstill as a result of that attack.

Later that same year, in September, the justice department was hit by a ransomware attack that crippled its information systems, leaving them encrypted and unusable. The incident caused the Information Regulator to launch an “own initiative” investigation into the matter and a subsequent R5-million fine was meted out by the regulator. The justice department is currently challenging the fine in court.

Plugging the gaps

In what can only be described as an English teacher’s dream for a lesson in irony, the State Security Agency – whose mandate “is to provide government with intelligence on domestic and foreign threats to national stability” – was hacked just days before the start of the Brics summit in August last year.

“Experts agree that in the case of South Africa, as with most countries, it is only a matter of time before the country experiences a highly disruptive attack,” Adius Ncube, a public sector practice partner at Oliver Wyman Consulting, wrote in a piece on TechCentral late last year.

But plugging the gaps in South Africa’s public sector IT security infrastructure requires skilled manpower, an area in which the country finds itself sorely lacking. Central to the issue is the ongoing skills deficit, there are just not enough skilled personnel being produced to fulfil the demand in industry.

The public sector is also at a disadvantage when it comes to competing with private entities for scarce IT talent. Most of the time, higher earnings potential and greater opportunities for advancement are touted as the private sector’s winning drawcards. However, events like the resignation of former State IT Agency CEO Bongani Mabaso after only nine months suggest that differences in salary may not be as significant as workplace culture.

Fortunately for the GEPF, its cybersecurity systems and personnel were up to the task of detecting and thwarting the attack before any damage was done – this time around.

Read: Info Regulator to probe ‘daring cyberattack’ on State Security Agency

“The GEPF once again assures its members, pensioners and beneficiaries that their benefits and personal information are safe, and the administration system has not been compromised. At this point, the system restoration is still in progress and the fund will provide daily updates to all stakeholders until all systems are back online,” it said.  – © 2024 NewsCentral Media

Get breaking news alerts from TechCentral on WhatsApp