This morning I had a chance to attend a brief forum on technology security and the statistics presented to us were shocking.
It’s appalling to know how much top corporate firms are losing in a month and worse more annually due to cyber attacks. Some go to upto 12 million Kenya shilling annually.
It’s hurting to know that due to ignorance and selfishness of some leaders; hardworking Kenyans are forced to pay higher interests, and expensive fees in banks and telcos to cater for losses they have no clue about.
The managers of these companies are aware! But they are afraid of sharing the information to Kenyans. According to an IBM security expert, 68% of CEOs globally are reluctant to share incident information externally while the rate stand at 90% locally.
In East Africa alone, governments are the top target sector for cyber attacks standing at 33%, the Telecommunications sector follows at 22% while financial services industry follow in close succession at 17% . This is according to Control Risk, a cyber threat intelligence team
Imagine a hacking in the National Health and Insurance Fund (NHIF) where hackers can access all your details, not limited to your official names, National identification number and your account balance, especially in a case where you paid using MPESA? or a hacking in the ministry of foreign affairs site where hackers can access all incoming and outgoing documents including those of the presidency, outlining his movements while on international trips? It’s that serious!
As taxpayers, what is left of us? Is technology for us or against us?
MINISTRY OF FOREIGN AFFAIRS HACKED
If we all remember, two months ago, a group of online activists threatened to leak documents from Kenya’s foreign ministry as part of a campaign to expose government and corporate corruption across Africa.
According to Reuters, The Kenyan ministry documents leaked email discussions of security preparations for diplomatic trips, trade deals and a status report on the conflict between Sudan and South Sudan, dated from the middle of this month.
The 95 sample documents could not be read using standard Web browsers but could be viewed using TOR (free software for enabling anonymous communication)
Contrary to the perception that cyber breaches are a problem unique to the large multinational companies based in developed markets, East African organizations are fast becoming a target for attacks with local subsidiaries particularly attractive as the ‘cyber’ route into these multinationals.
Today, the control risks intelligence team reports that in Kenya alone, the estimated costs for the country due to cyber crime costs sums up to 2 billion Kenyan shillings annually.
HOW TO CONTAIN CYBER ATTACKS
The Kenyan Government has made great strides with the formation of Kenya National Computer Incident Response Team Coordination Centre (KE_CIRT/CC) launched in 2012 and the development of the national cyber security strategy in 2014.
It is however key for the public and private sector organizations to interpret what the policies mean for them; essentially adopt a “paper to practice” model for their organization
However, that’s not enough. Community awareness is key; Cyber attack is a threat to National security! It’s high time that the ministry of information, communication and technology come in to make Wanjiku aware of what is happening.
“Cyber security still isn’t given enough priority by business leaders in the region as it’s often seen as an isolated IT problem and not a business issue.
It’s important that cyber security is demystified at that senior level. Rather than being perceived as this elusive dark art, cyber security needs to be incorporated into the whole business and not left isolated with the IT team.” notes Patrick Matu, Compliance, Forensics and Cyber expert for East Africa As the world of cyber criminality continues to evolve, it’s important that businesses continually review their IT security measures.
This should include an on-going review of the cyber threat landscape to understand what kinds of threats your business might face and adjusting your security measures accordingly – not forgetting making sure all employees are aware of the potential threats and how to respond.