Armscor beefs up security

Read time 2min 40sec
Hacktivists claiming to be linked to Anonymous breached Armscor's Web site this month.
Hacktivists claiming to be linked to Anonymous breached Armscor's Web site this month.

The Armaments Corporation of SA (Armscor) has increased security measures on its Web site after the recent hacking incident.

Armscor is the officially appointed acquisition organisation for the SA Department of Defence, and with the approval of the minister of defence, also renders an acquisition service to other government departments and public entities.

Earlier this month, hacktivists claiming to be linked to Anonymous breached the Web site of the South African government-owned arms supplier. The attack was perpetrated in the name of the #OpAfrica campaign, which was launched earlier this year.

Following the breach, Armscor stressed that a preliminary investigation into the data breach of its Web site found no classified information was accessed.

"Armscor would like to reassure its stakeholders that classified defence information remains highly secured and protected. The hacking of state information is a criminal activity and is strongly condemned," the organisation says.

"Investigations are now under way to bring the culprits to book and criminal prosecution will be sought once sufficient evidence has been gathered. As an acquisition agency, Armscor prides itself on the robustness of its procurement process and its adherence to the highest international standards of corporate governance with regards to all its systems, including the appointment of suppliers. All invoice payments are only made against valid contracts.

"The illegal accessing of supplier information undermines the integrity of Armscor's confidentiality responsibility towards its stakeholders, and as such, the matter is viewed in a very serious light."

It urges anyone with information on the data breach to immediately report any criminal activities that seek to undermine the integrity of Armscor's databases.

Commenting on the hack, cyber security firm BDO says the hack was motivated by either two things: Armscor has sensitive information that people want access to; or the organisation has disgruntled employees who wanted to bring its systems down.

The cyber security firm urges Armscor to do a cyber readiness assessment and put in place the appropriate security reviews, making sure it has the correct infrastructure in place and educating employees around cyber risks.

"They must do a damage assessment to understand the integrity of their data as well as understand what was taken or planted, because malware could be planted to keep sending information out, or information could have been taken out or accessed."

Doros Hadjizenonos, country manager at Check Point Software Technologies SA, says it is crucially important that organisations educate users on the risks associated with everyday activities like using e-mail and downloading applications.

"These are still the main methods used by hackers to infiltrate systems in order to install malicious applications that enable them to steal information, or to hold data at ransom. We are still finding that users are the weakest link and with some education, I think it would go a long way in helping to reduce the number of successful hacking attempts."

See also