Institutions often fail to recognise the impact of cyber security on business, therefore risk damaging organisations’ data, assets and reputation.
By Brian Yatich
Cyber crime has become a growing phenomenon, ignited by the constant growth of technology which has provided criminals with more tools and methods to perpetuate crime.
Cases of burglary, theft and shoplifting which had previously been an issue have reduced and the evil has now shifted online, this has never been an issue to the countries in the region until lately.
Early last year an anonymous hacker group, only identified as “Anonymous” conducted a sophisticated cyber-attack on Kenya’s government facilities, it breached the foreign ministry server and made away with loads of data which ended up leaked to the deep web (a community hidden from the normal internet).
The attack was conducted under the slogan “OpAfrica” an operation which seeks to expose government and corporate corruption across African countries.
The data contained confidential files from the ministry’s server including email conversations, security related communication, international trade agreements and letters discussing the security situation in Sudan.
Other documents include letter conversation related to business collaboration deal between Kenya and Oman and several other documents discussing state officials visiting the country.
Also the same year in March, the Central Bank of Kenya (CBK) received information that the bank and other government facilities could be the target of an imminent cyber-attack; it will be remembered that back in 2013, the CBK suffered a major breach when it’s website was taken over by a cyber-based group known as the ‘Gaza Hacker Team’ which blocked many visitors from around the globe who uses the site to access exchange rates and other financial information.
Another group in February last year hacked Ugandan Ministry Of Finance and leaked data including the site’s database with over 500 usernames, phone numbers, emails and their encrypted passwords, they also attacked another IT company under the Rwandan government. And in Tanzania the same group also leaked details of 64,000 workers from Tanzanian telecom firm.
The anonymous group left a message saying, “It’s too late for African government to expect us”
According to a report by a Kenyan cyber security consulting company, Serianu, 80 per cent of Kenyans connected to the Internet are vulnerable to cybercriminal attacks.
The report indicates that state of Cybersecurity in the region, with majority of private companies and public sector organizations remain very exposed to cyber-crime and internal IT fraud.
Serianu’s study also reports that the annual cost of cyber-crime to Kenyan companies is estimated to be KES 15 billion (USD146 Million) with the public sector being the most affected having losing approximately KES 5 billion per year, followed by the financial services sector at KES 4 billion and the manufacturing and industrials sector at KES 3 billion in third place.
The telecommunications, media and technology and other sectors are estimated to lose about KES 2 billion and KES 1 billion respectively.
The security firm is warning that with the given growing technological landscape especially with the use of social media, will only give cyber criminals an opportunity to infiltrate the networks.
“The scourge is diverse and most institutions affected right from, government institutions, schools, Telecommunication industries and Insurance companies, however these institutions often fails to recognise the impact of cyber security on business, and therefore risk their organisations’ data, assets and reputation” it reads.
The report further found that most organizations with over 70 employees in Kenya have at least two vulnerable computer servers and up to fifteen infected computers that were already hacked into by cybercriminals.
The country records at least 3,000 cyber-related incidences on a monthly basis according to the internet security company.
“The key to protecting data is to develop realistic and prioritized strategies around a situational awareness and pro-actively implement them.” William Makitiani, CEO Serianu said in the report.
“There is a need to thoroughly protect our digital platform. Security professionals need to focus on establishing cyber security situational awareness within their respective organizations,” Makitiani added.
Keen on tackling these increasing cases, the government of Kenya has been working on a National Cyber security Master Plan whose goals have included setting up a co-ordinated incidence response mechanism, PKI infrastructure and comprehensive cyber security policies.
With such high incidences of cyber-attacks, the Kenyan government initiated a watch dog known as Cyber Incidence Response Team (CIRT) under the Communications Authority of Kenya to provide information and assistance to its citizens in implementing proactive measures to reduce the risks of computer security incidents as well as responding to such incidents when they occur.
Among these measures it included the setting up of a forensic laboratory in the next three months which, will seeks to monitor imminent threats and prevent possible attacks.
The top four sources of cyber security attacks to the East African countries, the report lists the US with the highest number at 20 per cent followed by China, Russia and Venezuela at 19 per cent, 11 per cent and 10 per cent respectively.
In order to assist East African organisations in overcoming these burden, late last year, the National Information Technology Authority – Uganda (NITA-U) together with NRD Companies organized the fourth annual Cyber Defence East Africa 2016 conference (CDEA) which seeks to serve as a practical knowledge sharing, skills building and networking platform, aimed to address cyber security issues and bring together the Government, the ICT Industry and Academia in efforts to create a better and more secure digital environment for the states, governments, businesses and citizens in East Africa.
Currently, Kenya ranks at (15) position with Uganda ranking at ten (10) globally and Tanzania holds at positon (22) in the ITU Global Cybersecurity Index & Cyber wellness Profiles.
Cyber-criminals have been known to be targeting the holiday seasons, during a period which users are spending money online than usual.
The security firm highlighted the need for an increased number of skilled security professionals and service providers adding that the cyber-crime can be mitigated by building visibility around the company’s data, assessing the risk posed to the data and developing appropriate security programmes.
On a personal level, clicking on any links received from unknown people, or on suspicious links on social sites or e-mail can be malicious and always and are advising that an individual must double-check to ascertain that a webpage is genuine before entering any credentials or confidential information.