The Department of Justice and Constitutional Development (DJCD) has been on a continuous drive to safeguard its IT systems to avoid another cyber attack.
This is according to Jabulani Hugh Hlatshwayo, deputy director-general and CIO of the DJCD, speaking at the ITWeb GRC Conference 2025, held yesterday in Bryanston, Johannesburg.
In his presentation, Hlatshwayo discussed how weaker security controls from third-party service providers might lead to potential entry points for cyber attacks.
He discussed two security incidents previously suffered by the department, the lessons learnt and how it is continuously strengthening its security controls to avoid history repeating itself.
In September 2021, the justice department suffered a ransomware attack on its IT systems, following a security breach that led to all of its information systems being encrypted and unavailable to internal employees, as well as members of the public.
As a result, all electronic services provided by the department were affected at the time, including the issuing of letters of authority, bail services, e-mail and its website.
Last year, the department was subjected to another IT incident when insiders illegally accessed its systems, which affected its electronic child maintenance payments.
“We have put in place measures to ensure the 2021 incident does not repeat itself. We have put in place a dedicated service provider whose sole purpose is to manage our security.
“Secondly, we have ensured our cyber security policies and procedures are up to date, and that they are always relevant. We've ensured we have fully recovered from the repercussions of the ransomware, and we ensure we now have licences with service providers that are always up to date.
“We have further invested in Microsoft 365 E5, its advanced security offering. On top of that, we ensured our firewall security is renewed, with the last renewal being at the end of 2024.”
From time to time, theDJCD reviews the safety of itsvirtual private network, he added.
“We emphasise security awareness, and employees are always educated on how these threats come into the environment and what type of e-mails should not be opened and how to be careful of certain attachments. It’s important to block those e-mails that have got encrypted files and so forth.”
Last year’s incident was not a cyber attack, but fraudulent activities within its payments system, called MojaPay, he explained.
To avoid a similar incident in future, the department had to take several steps, he added. “Because we are talking about financial systems, we had to suspend the usage of our systems, and had to fully review access to the system and re-register all the users of the payment system to ensure they are all authorised users.
“We also had to introduce security mechanisms to ensure there’s multi-factor authentication, so that users cannot claim to have had their user credentials abused or stolen. We also had to do separation of duties and implement a comprehensive audit trail from the front- and back-end.”
Other measures have been introduced as a continuous security process, he noted.
“I can’t say we are 100% hack-proof, but with the endpoint protection on our devices and the latest tools to mitigate the risks, I can safely say we’ve ensured our cyber infrastructure has got the right protection.”
Share