Ministry Cybersecurity Audit Reveals Vulnerabilities with the Potential for Data Breaches

A recent cyber security audit conducted on various Ministries and Departments has uncovered significant vulnerabilities and non-compliance issues. The audit, performed by the National Telecommunication and Information Security Board (NTISB), revealed several critical oversights and areas of non-conformity, including:

  1. Many internal network systems and user terminals were found to be connected to the internet, posing a security risk.
  2. The audit identified weaknesses in password policies, emphasizing the need for stronger criteria, including longer character lengths, and the inclusion of special and uppercase characters.
  3. Sharing of user credentials (usernames and passwords) was observed, which is a dangerous practice that can compromise security.
  4. The report highlighted issues with device control mechanisms, particularly concerning USB devices.

To address these concerns, the NTISB has recommended the following remedial measures:

  1. Disconnect internal network-based IT systems and user terminals from the internet to enhance security.
  2. Enforce a robust password policy, requiring longer and more complex passwords.
  3. Discourage saving passwords in web browsers or writing/pasting them on desks, promoting a clear desk/clear screen policy.
  4. Strictly avoid sharing user credentials.
  5. Use separate USB devices for official systems, subject to whitelisting.
  6. Implement a strict device control policy, especially for USBs.
  7. Avoid forwarding official emails to personal email accounts.

This audit underscores the importance of strengthening cybersecurity measures within government entities to prevent data breaches and other security incidents. Ministries and Departments need to implement these recommendations to enhance their cybersecurity posture.