Hackers move in for the kill on slack IT systems

2012-02-18 17:56

The Auditor-General (A-G) says lax government information technology system security must be tightened up to make it less vulnerable to hackers.

A top IT researcher has warned that “hackers and criminals are having a picnic in government departments and entities”, all at taxpayers’ expense.

The warnings come in the wake of an audit of government IT systems which found that many government departments and state-owned organisations had defective IT systems.

Deputy Auditor-General Kimi Makwetu said gaps in IT controls left the government vulnerable to criminal behaviour.

“Somebody can hack into departments and entities when they are as far away as India or Dubai if the security controls that are supposed to prevent that person from accessing information are not there.

“It shouldn’t be easy to get through these controls, which are meant to be prevalent in government,” said Makwetu.

The AG’s general report on national audit outcomes found that:

» 81% of the 37 audited national departments lack the security controls to stop unauthorised access to the IT networks that generate and prepare financial information;

» 92% of the departments lacked proper user access management procedures that would allow only authorised users to effect and approve transactions in their IT systems;

» 79% lacked IT governance policies and structures which would ensure their IT systems were in line with their business; and,

» All the audited departments lacked the software and applications that would allow them to recover their data in case of a disaster.

Even the custodian of government information systems, the State Information Technology Agency, failed the audit.

The audit found weaknesses in the supply chain management which deals with the procurement of goods and services by government.

“Financial transactions are done through computers and when we test things like user access management, we want to find out how easy it is for a person to gain access to a department network to do the electronic transfer of funds,” Makwetu said.

“No one, including employees, should find it easy to do electronic funds transfers. If you don’t have controlled access those employees can do all sorts of transactions and be out before you know it.”

Most departments blamed their problems on the department of public service and administration, which has not come up with an IT security policy for government.

He said departments and entities often did not follow up on reports about unauthorised employees or outsiders who tried to gain access to their networks.

IT research company World Wide Worx founder Arthur Goldstuck said: “The hackers and criminals are having a picnic in government departments and entities at the expense of the taxpayer.”

“Ultimately the problem boils down to limited oversight. The public sector doesn’t have the skills to apply the IT controls or the knowledge to appoint the right people with the skills to apply the controls needed. That is why controls are not in place in government,” said Goldstuck.

Dumisane Nkwamba, the spokesperson for the depart-ment of public service, said his department was not ready to comment about the A-G’s findings.

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.