Subscribe
About
  • Home
  • /
  • Security
  • /
  • ITWeb TV: The woman behind Eskom’s high-stakes cyber security

ITWeb TV: The woman behind Eskom’s high-stakes cyber security

Simnikiwe Mzekandaba
By Simnikiwe Mzekandaba, IT in government editor
Johannesburg, 08 Aug 2024
Eskom CISO Sithembile Songo details how security can't be treated as an after-thought, how the power utility is leveraging AI and machine learning, network vigilance, and steps required to achieve gender diversity in the information security space. #eskom #itwebtv #OT

Eskom fends off up to one billion attempted cyber incidents per month, according to chief information security officer (CISO) Sithembile Songo.

This, as cyber criminals increasingly target critical infrastructure industries.

Songo, who has 20 years of cyber security and leadership experience, is head of information security at the power utility, tasked with ensuring the overall security posture of the entity.

As part of an ITWeb TV special focus on women in tech, Songo details what it takes to be Eskom’s CISO, the processes required to manage third-party providers, investment in new technologies to protect the utility’s cyber assets, as well as efforts to get more women to select cyber security as a career.

Songo says if not blocked, the cyber incidents could have been cyber attacks. Even though there’s a lot of cyber security-related threats, ransomware attacks still remain prevalent in operational technology (OT) systems, she notes.

“Cyber criminals realise these systems were not designed with cyber security in mind. Obviously, there are a lot of legacy systems that might not accommodate modern systems or modern capabilities, from a cyber security point of view.

“In 2023, ransomware attacks were prevalent. I’ve seen a number of OT-related industries become targets of ransomware attacks.

“That is why we need to apply those layers of defence, to make sure the legacy systems are protected. This is so that we have an upper hand, gain visibility, protect, know where our assets are so that they are protected accordingly. It’s not about knowing your assets; it’s about knowing what threats can be posed to your assets, what vulnerabilities can expose your assets and making sure you actively mitigate those vulnerabilities before the cyber criminals exploit them.”

South Africa has seen a number of high-profile cyber attacks on the local front in recent years, including on credit bureaus, healthcare and retail groups, several government departments, as well as highly-organised distributed denial-of-service (DDOS) attacks on banks.

The country is said to be the eighth most targeted in the world for ransomware, with more than half of South African firms impacted in 2022.

Songo says ransomware attacks account for more than 100 000 per month of attempted cyber attacks that Eskom blocks. “In terms of DDOS attacks, it’s more than billion.

Sithembile Songo, chief information security officer of Eskom.
Sithembile Songo, chief information security officer of Eskom.

“At some point, when we had load-shedding, we were able to block more than a billion, and sometimes go up to close to two billion per month.

Songo comments that third-party-related breaches have also become prevalent. “These cyber criminals see that we invest a lot in terms of implementing cyber security capabilities to block malicious actors from penetrating our network. They now leverage third-parties so that they can gain unauthorised access to the network.

“We’ve seen what happens out there in terms of third-party-related breaches. That is why it is important to make sure your strategy adequately covers third-parties, so that they don’t introduce risks to your network.

“We understand the impact a cyber breach can have, especially to Eskom. We host national critical infrastructure, so any cyber breach will have a detrimental effect; not just to Eskom, but to the economy at large.”

Putting new tech to work

According to Songo, while the necessary measures can be applied to prevent a cyber breach from occurring, there’s a saying that it’s not about if, but when.

“We arm ourselves in such a way that we have the necessary capabilities to be as resilient as possible, so that if something happens, we can at least respond. We’ve been leveraging a lot of AI [artificial intelligence] and machine learning in terms of real-time response and detection, because we realise cyber attacks are quite advanced nowadays.

“Some cannot even be blocked by the traditional capabilities. I’ve seen it even in our environment, where some of these advanced cyber attacks bypass the traditional security capabilities that we have. As a result, we have invested in AI and machine learning capabilities…which is helping a lot.”

Songo adds that AI and machine learning are not nice-to-have; rather there must be a proper use-case for them.

In addition to real-time response and detection, implementing AI and machine learning helped augment the headcount within her unit, she reveals.

“For instance, SOC analysts no longer have to focus on the manual tasks they used to do before, as those tasks are now automated, allowing them to put their efforts into other tasks that are more strategic, or can help the organisation achieve its objectives better.”

According to Songo, receiving the necessary support at board level also goes a long way in achieving the power utility’s information security objectives.

Lift as you rise

The cyber security space is often said to be the slowest in the ICT sector in getting more women in this specialised field. Women cyber security professionals have gone as far as to describe the low level of gender transformation in the field as “appalling”.

Songo agrees there needs to be more women in cyber security. “AI and machine learning have showed the importance of having women in the cyber security space, because there are certain technologies that have been developed using AI, but they’re more accommodative towards men compared to women, so that diversity is crucial.

“We need to create the relevant platforms, mentorship programmes…and make sure we encourage young women to be part of those channels.

“I didn’t know anything about information security until I was done with my tertiary education and had to do my internship – that’s the only time I was introduced to it. This is too late; we need to start introducing it during the early phases of the education programmes.”

She also notes women must realise the importance of supporting one another, and need to ‘lift as they rise’.

Commenting on what keeps her in this field, she says: “You never get bored because there’s always something that you need to address. There are always challenges that present opportunities to be innovative and so forth.

“I believe cyber security professionals enjoy a dynamic environment that has different types of challenges they can address almost on a daily basis.”

Share