The CIPC denied that the data breach from last week caused it to shut down its servers overnight on Wednesday. However, claims the reason behind its shutdown was due to routine maintenance.
CIPC Claims its Shutdown Was Due to a Routine Maintenance
A representative for the Companies and Intellectual Property Commission (CIPC) refuted reports that the organization’s overnight system shutdown on Wednesday was due to the exposure of confidential employee and customer data last week.
The CIPC characterized the shutdown as “urgent” in a statement released on Wednesday, March 6. It was planned to occur between 2 p.m. and 8 a.m.
On Thursday, March 7, resulted in the closure of CPIC’s online and contact center services, along with service centers located in Cape Town, Johannesburg, Pretoria, and Durban.
Maintaining the nation’s business and intellectual property registrations is the responsibility of the CIPC, which is housed under the Department of Commerce, industry, and Competition.
As such, it is an important economic component of South Africa. Lungile Dukwana, the chief of strategy at the CIPC, told TechCentral on Thursday that “this was routine maintenance and in no way related to last week’s data breach.”
Users Could Still Not Access Any of the Portal’s Features
Visitors trying to access the CIPC portal as of Thursday morning were being prompted to update their passwords and enable multifactor authentication. Users could still not access any of the portal’s features, though, as the authentication mechanism relied on Department of Home Affairs systems, which were unavailable on Thursday.
Meanwhile, 140 credentials directly connected to the CIPC attack were listed for sale on Wednesday morning, according to cybersecurity firm NEC XON’s dark web monitoring.
The hacker collective taking blame for the CIPC attack reportedly employed the same exploit that they used to compromise the same systems three years prior, according to a story published on consumer technology website MyBroadband.
According to KnowBe4 Africa’s security expert Anna Collard, this process is known as “neutralization.” “From a psychological standpoint, criminals tend to believe they are good people, so they use neutralization arguments to place the blame on the victim in this case, the incompetence of the CIPC to justify their actions.”
Not Selling CIPC Customer Data and Their Pursuit
Collard believes that the hacker group’s purported statements about not selling CIPC customer data and their pursuit of “the big guys” are examples of neutralization tactics used to paint them in a favorable light with the public.
Collard cautioned that portraying the CIPC as the adversary could cause the public to forget that the hacker group violated their privacy.
Lack of cybersecurity expertise is a major issue that compromises defenses against attackers, especially in government. The average cybersecurity position takes at least six months to fill, while senior positions take a year or longer, according to a recent analysis from antivirus and cybersecurity company Kaspersky.
Collard says that cooperation is the only way to properly handle the threat posed by the CIPC’s data, which impacts both the government and business.
ALSO CHECK:
