Cyber threat intelligence practices in the national sphere of government in South Africa

Abstract

Over the past two decades, cybercrime and cybercriminals have had a great impact on the safety, security and protection of the public sector’s confidential data and information assets. The increased usage of the internet and new, advanced 4IR technologies, and the digitisation of government’s public sector goods and services have become a growing concern to the government and its public sector institutions. In the South African context, as a developing country, it unfortunately lags behind advanced and developed nations in terms of fully counteracting cybercrime and cybercriminal operations. Despite this challenge, the South African government has been making tremendous efforts in combatting cybercrime. The aim of this article is to contextualise the study and practice of cyber threat intelligence at the national sphere of government in the South African public sector, namely, the former Department of Energy (DoE), former Department of Science and Technology (DST) and the former Department of Environmental Affairs (DEA) a qualitative research approach was followed using a case study approach. Primary data was collected through semi-structured interviews with senior departmental management. The findings are presented according to the Threat Intelligence Lifecycle analysis which serves as an analytical framework. The study concludes that in order to achieve effective cybersecurity practices and principles in the public sector , the government must identify the top trends commonly associated with cybersecurity to be able to develop and implement counteractive strategies and approaches, as well as to improve security systems and programs to ensure that an organisation is sufficiently prepared for and protected against cybercriminals and cyberattacks.