South Africa is the most targeted country in Africa when it comes to cyber breaches.
The cyber security breach that rendered the ICT systems of the South African Weather Service (SAWS) unusable led to “uncharacteristically poor” performance in the fourth quarter of the 2024/25 financial year.
The Parliamentary portfolio committee on environment, forestry and fisheries was yesterday briefed on the situation when the meteorological service provided an update on its third and fourth quarter reports for the financial year under review.
In January, SAWS confirmed its ICT systems went down due to a criminal security breach. It revealed its aviation and marine services were affected, as well as e-mails and website.
Delivering opening remarks during the update, portfolio committee chairperson Nqabisa Gantsho said SAWS was on track for a “sterling” performance until a cyber attack derailed its operations.
SAWS CEO Ishaam Abader told committee members the entity did not achieve most of its targets during its fourth quarter, largely as a result of the cyber security breach.
Theft, vandalism and below-target commercial revenue also impacted its performance during the financial year, he noted.
In its fourth quarter, ended 31 March, SAWS achieved a target of 36.36%, missing out on 63% of its target, Abader revealed.
The cyber attack hampered fourth quarter performance as it led to an inability to access evidence to confirm the national weather forecast, he explained. “We had to rebuild our message handling system, which had been destroyed by the cyber attack.”
Additionally, SAWS was unable to meet its target for the availability of the safety of life at sea products.
The attack also had an impact on the code, configurations and related processes from the research server environment, where products being developed were lost. In most cases, data was corrupted.
“In terms of corrective measures, we are rebuilding the server environment and redeveloping the scripts that were lost and looking at our communication channels for our respective data feeds.”
On the impact of the cyber attack on climate data on the national climate database, Abader said the entity achieved a target of 63% during the quarter. “We are in the process of restoring our climate database and recovering all relevant data to close the data gaps, in terms of historical data.”
As to unregulated commercial revenue generated, SAWS underperformed during the quarter, generating R5.4 million in revenue, missing the quarterly target, he stated. “However, we exceeded the annual result by roughly R200 000.”
CFO Norman Mzizi also indicated the cyber attack resulted in many of SAWS’s employees working from home as the entity was recovering its systems.
SAWS is the meteorological service under the South African government’s Department of Environmental Affairs and Tourism.
The attack on the meteorological service’s ICT systems comes on the back of several cyber breach incidents impacting state institutions as well as local organisations.
In May, South African Airways revealed it was hit by a significant cyber incident. SA’s flagship carrier said the breach temporarily disrupted access to the airline’s IT systems, prompting swift response measures to mitigate its effects.
South Africa is the most targeted country in Africa, when it comes to infostealer and ransomware attacks, according to global cyber security company ESET’s bi-annual Threat Report.
Data and expert insight collected between June and November 2024 revealed that over 40% of ransomware attacks and just under 35% of infostealer incidents on the continent occurred in SA.
Addressing the portfolio committee, SAWS board chairperson Sandika Daya revealed that in quarter three, the entity achieved 90.91% of its performance targets, which marked a 9.1% spike from the 81.82% recorded in the second quarter.
In the fourth quarter of the financial year, its performance took a nosedive, plummeting from the year’s high of 90.91%, to a low of 36.36%.
“The January 2025 cyber attack had everything to do with this uncharacteristically poor performance. As the current board, we would have desired to keep the momentum and either maintain or improve on the notable Q3 performance and results, but this was not meant to be.
“The cyber attack marked a disappointing regression in the SAWS performance,” commented Daya.
“For the current board, particularly the new members, the cyber attack was truly a baptism of fire. Important lessons have, however, been drawn from that experience. Working together with SAWS management, we undertake to do all in our power to ensure the entity is protected from such attacks, as they have the potential to collapse all important services that SAWS renders to the people of SA.
“Progress is being made to implement measures that will see to it that the entity does not find itself in the same predicament again,” she concluded.
