Govts should invest in security systems


AFRICAN governments should wake up and smell the coffee. For instance, Zimbabwe government websites, parastatals, councils and other state sites like the Zimbabwe Electoral Commission (Zec) and Judiciary Services Commission (JSC) have been targets of local and international hackers.

Sadly, some of the attackers are novice hackers, who are known to ICT professionals.

Zec is a body responsible for the management and administration of Zimbabwe's electoral processes.

It was established by an act of Parliament in 2004.

JSC is a body that was established to promote transparency, accountability and independence of the judiciary and provide administrative support to the judiciary for an efficient justice delivery system.

Zimbabwe’s mainstream services and online software applications are at some point the target of local and international hackers, whether denial-of-service attackers or geeky glory hunters. Regardless of how much the government invests in website security, they remain a target.

From our research, owing to the success of content management systems (CMS), all Zimbabwean frontend websites are built using WordPress.

WordPress is a free and open-source content management system written in PHP (Hypertext Preprocessor) and paired with a MySQL or MariaDB database, with support for HTTPS.

The reason why it is mostly used in Zimbabwe is because WordPress is free, easy to use and flexible enough to make different types of frontend websites.

As a result, WordPress bears the brunt of the attention in the CMS world: it is the largest and most popular platform, with 65% of the world online market share.

Added to this is the open-source nature of WordPress, meaning its underlying code is openly exposed for anyone to read.

Previously, when websites were developed using HTML, Java, Objective C or even JavaScript, attacks were less commonplace. Now the majority of the world's websites are powered by CMSs and are database-driven, providing more potential to exploit weak points to cause damage.

WordPress is vulnerable to malicious attacks not due to the fact that it is insecure but because it is popular.

Why do hackers like attacking parastatals, council, government systems and websites? In network security, we talk about “attack surfaces,” the term for the total number of points or vectors through which an attacker could try to enter a computing environment.

As government organisations at the regional, local, and municipal levels have become increasingly digital, their attack surfaces have vastly increased and have become more vulnerable to cyber-attacks.

The main reasons for this high level of vulnerability are inadequate ICT security expenditure on new equipment and staff training, high staff turnover, and bureaucratic processes, which together make it very difficult for these organisations to match the pace of digital evolution.

This, in turn, puts mission-critical public services such as court systems, municipal utilities, bill payment services, power grids and voting registration at serious risk of disruption, especially now as we head towards elections.

To prevent cyber-attacks on CMS websites, an organisation’s ICT department should regularly monitor and review administrator-level accounts and privileges for access and activities.

Remove any database, application or plugin files when they are no longer in use.

Obsolete accounts should also be deleted. Regularly reviewing and performing such housekeeping activities can help in removing potential entry points for an attacker to breach organisation systems and to detect abnormal activities quickly.
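The housekeeping review described above can be scripted. The following is an added example, not part of the original article: it checks administrator accounts against a roster and lists unused plugins, assuming the inputs are CSV exports in the shape WP-CLI prints for `wp user list` and `wp plugin list`. The sample rows and the approved roster are constructed for illustration.

```python
import csv
import io

# Constructed sample exports (not real data), in the CSV shape WP-CLI prints for
#   wp user list --fields=user_login,roles,user_registered --format=csv
#   wp plugin list --fields=name,status,version --format=csv
USERS_CSV = """user_login,roles,user_registered
webmaster,administrator,2019-03-11 08:15:00
t.moyo,"administrator,editor",2021-06-02 10:40:00
intern2020,administrator,2020-01-20 09:00:00
newsdesk,editor,2022-09-14 14:05:00
"""
PLUGINS_CSV = """name,status,version
contact-form,active,5.7
old-gallery,inactive,1.2
event-calendar,inactive,3.0
"""

# Hypothetical roster of staff currently approved to hold administrator rights.
APPROVED_ADMINS = {"webmaster", "t.moyo"}


def admin_accounts(users_csv):
    """Return logins whose role list includes 'administrator'."""
    admins = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        # A user can hold several roles; WP-CLI joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",")}
        if "administrator" in roles:
            admins.append(row["user_login"])
    return admins


def unapproved_admins(users_csv, approved):
    """Administrator accounts with no match on the approved roster."""
    return sorted(set(admin_accounts(users_csv)) - set(approved))


def unused_plugins(plugins_csv):
    """Plugins installed but not active: candidates for removal."""
    return sorted(row["name"] for row in csv.DictReader(io.StringIO(plugins_csv))
                  if row["status"] == "inactive")


if __name__ == "__main__":
    print("Administrator accounts to review:", unapproved_admins(USERS_CSV, APPROVED_ADMINS))
    print("Inactive plugins to remove:", unused_plugins(PLUGINS_CSV))
```

Run on a schedule against fresh exports, a non-empty result from either function is the prompt for the ICT department to disable the account or delete the plugin files.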

In today’s digital age where governments have no choice but to embrace technological changes, it is now paramount to stay ahead of the game by investing in security systems that protect government, parastatal and council ICT infrastructure including websites.

Mutisi is the CEO of Hansole Investments (Pvt) Ltd and the current chairperson of Zimbabwe Information & Communication Technology, a division of Zimbabwe Institution of Engineers. — +263772278161
