The Treasury is the latest to fall prey to high-profile cyberattacks on a government entity, highlighting the importance of protecting the country’s digital infrastructure.
The government's finance department said it identified malware on its Infrastructure Reporting Model (IRM) website, the online infrastructure reporting and monitoring system, on Tuesday afternoon.
In response, the Treasury said it isolated the IRM servers to “assess the magnitude of the compromise and to ensure the security of its systems.”
There have been a number of reports regarding security incidents affecting the tech giant’s platforms in the US this week. In the light of this, the Treasury has requested Microsoft’s assistance in identifying and addressing any potential vulnerabilities within its information and communication technology systems or environment.
The incident adds to the growing number of cyberattacks on government-linked entities.
In May, national airline SAA was the subject of a major attack that primarily targeted its website, mobile application and certain internal communication systems.
The SA Bureau of Standards has experienced three cyberattacks in just five years. It was disclosed in February that core systems remained encrypted and inaccessible at the service after the latest attack in November 2024.
Cybersecurity firm Check Point Software Technologies, in 2024, highlighted that online attacks on digital infrastructure, systems, organisations and consumers were costing SA 1% of its GDP.
Despite these events, the Treasury said it systems and websites “continue to operate normally without any disruption.”
Attacks have become commonplace in the modern economy, a price for the speed, ease of communication and huge data processing provided by the internet. While entities such as the government are under constant attack, it is usually only in significant situations that the organisation admits to, and discloses, such breaches.
The Treasury’s IT department processes more than 200,000 emails each day and facilitates more than 400,000 user connections through their websites daily. On average, the team successfully detects and blocks about 5,800 security threats directed at the Treasury’s systems every day, “showcasing the department’s commitment to maintaining a secure digital environment”, the department said.
Lead for health and public sector in Africa at Accenture, Gugu Nyanda, advocates for a three-step approach to tackling growing cybercrime in SA, particularly around government entities.
First is to ensure that government employees are trained and kept up to date with issues relating to digital threats. Second is to ensure that all government employees use updated software. The third solution is to break down operating silos in government.
A recent report by cybersecurity firm KnowBe4 African shows that African organisations are fundamentally misjudging their cybersecurity posture.
The report highlights, for instance, that just 10% of cybersecurity leaders are fully confident that staff would report a phishing attack or other cyberthreat, despite rating employee security awareness of cyberthreats at four out of five or higher. A significant perception gap exists between decisionmakers and general employees in Africa regarding security awareness training, with 68% of leaders believing that training is tailored to roles, compared to only a third of employees feeling adequately trained.
“This report reveals a critical paradox in African cybersecurity: while organisations feel aware and prepared, significant blind spots remain, especially concerning how they manage human risk,” Anna Collard, senior vice-president for content strategy and evangelist at KnowBe4 Africa, said.
“The continent’s cybersecurity posture may be more confident than it is truly resilient.”
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.