Cybersecurity specialist NEC XON is advising users affected by the recent data breach at the Companies and Intellectual Property Commission (CIPC) to change their passwords and enable multi-factor authentication for online services, according to Tech Central. NEC XON discovered over 140 compromised credentials from the CIPC breach available on the dark web.
Armand Kruger, Head of Cybersecurity at NEC XON, revealed that some of the credentials provide access to health insurance providers and online banking systems. The CIPC, targeted in the cyberattack, has shut down certain systems, acknowledging that personal information of clients and employees was unlawfully accessed and exposed.
The breach raises concerns about the security of government agencies and state-owned enterprises in South Africa. SMMEs (small, medium, and micro enterprises) are particularly at risk, accounting for a significant portion of jobs and GDP in the region. NEC XON recommends changing passwords, emphasizing the dangers of using the same credentials across multiple platforms. The compromised data, potentially sold on the dark web, poses a risk of “credential stuffing,” where hackers use login credentials obtained from one site to gain unauthorized access to others.
The CIPC breach is part of a growing trend of cyberattacks targeting government institutions in South Africa, raising questions about the state’s ability to safeguard citizen data. Similar incidents have occurred in the public and private sectors globally, prompting a need for enhanced cybersecurity strategies. Experts suggest that a zero-trust approach, where no users or devices are trusted by default, could help mitigate vulnerabilities in government systems.
Despite the challenges posed by cyberattacks, there is optimism that the incidents will lead to improvements in understanding system deficiencies and potential areas of attack. The Information Regulator, responsible for enforcing data protection laws, is closely monitoring security compromise notifications. The regulator emphasizes the importance of compliance assessments and reporting data breaches in line with data protection laws.
While the hardliner approach of regulators is encouraging organizations to strengthen their defences, the ever-evolving landscape of cyber threats, including the use of artificial intelligence by cybercriminals, underscores the ongoing challenges in protecting user data. Cybersecurity professionals face the complex task of safeguarding against multiple vulnerabilities, emphasizing the need for continued vigilance and proactive measures in the face of evolving cyber threats.
