Eskom, South Africa’s largest public utility, is under constant cyber assault, defending against up to one billion potential threats each month, Sithembile Songo, the Chief Information Security Officer (CISO), revealed recently. Getting down to the nitty-gritty of safeguarding the nation's critical energy infrastructure, Songo, a veteran with two decades in cybersecurity, is unwavering in her mission to maintain and enhance Eskom’s digital fortifications. Her unique insights were shared as a part of ITWeb TV's special focus on women in technology.
Targeted cyber incidents poised to become full-scale cyber-attacks are persistently high on Songo's radar. Operational technology (OT) systems are particularly vulnerable because their legacy designs often do not account for modern cybersecurity measures. In response, Songo champions a layered defensive strategy that combines knowledge of Eskom’s digital assets with proactive threat and vulnerability mitigation, an agile approach to stay ahead of cybercriminals' exploitation attempts.
Ransomware continues to plague industries worldwide, and South Africa has been no stranger to its effects. It ranks as the eighth most targeted nation globally, with over half of local firms affected in 2022. Songo reports that ransomware attacks alone constitute over 100,000 of the monthly attempts prevented by Eskom. The significant rise in distributed denial-of-service (DDoS) attacks, peaking during periods of load-shedding, adds to the utility's cybersecurity woes, with attempts occasionally reaching nearly two billion per month.
Amid growing third-party vulnerabilities, Songo pointed out that cybercriminals often bypass robust in-house cyber defenses by exploiting weaker links in the chain. Eskom's strategy includes managing these third-party risks to prevent unintended network breaches. Recognizing that any cyber-incident could be catastrophic for the national infrastructure and economy, Songo underscores just how crucial a resilient cybersecurity posture is.
Resilience does not come solely from defensive tactics. It also requires cutting-edge technology. Songo emphasized Eskom’s investment in AI and machine learning tools for real-time threat detection and response. These tools are no longer luxuries but necessities to counter advanced cyber-attack methods that conventional approaches may miss. The adoption of AI and machine learning has also optimized her team's efficiency, automating mundane tasks and freeing analysts to tackle strategic challenges, an invaluable upgrade in the cyber battleground.
Backing from Eskom's board has been paramount in achieving the power utility's information security goals. The collaborative effort at all organizational levels serves as a testament to the critical nature of information security within the realm of national service provision.
Beyond the technicalities of cybersecurity, Songo is a strong advocate for the inclusion of more women in the field. The representation of women in cybersecurity remains low, and Songo stresses the importance of diversity for fostering more balanced and inclusive technological solutions. Encouraging platforms and mentorship programs for young women are vital starting points, as is the philosophy of "lifting as you rise." By promoting early education and career support, Songo believes more women will be empowered to join and shape the future of cybersecurity.
High-stakes challenges keep Songo invested in the cybersecurity arena, where constant innovation, adaptability, and dynamic problem-solving fuel her passion, elements she believes will draw more security professionals to an already exhilarating field.