Tackling cyber-threats in Kenya
As the world marked cybersecurity month (this October), the day presented businesses, both local and across the world, with food for thought on what needs to be done to combat associated cyber-threats.
This is because hackers have for long infiltrated businesses, causing untold losses to the establishments. In October 25th 2019, for instance, the website of the city of Johannesburg, responsible for its billing systems, was hacked. And those responsible demanded Kshs3.1 million in ransom, according to reports from the Massachusetts Institute of Technology (MIT).
Locally, the Communications Authority of Kenya (CA), in its April-June 2019 sectoral report explains that cyber security threats vary, from botnet to malware, fake news spread through the media as well as web application attacks.
The report further notes that between the fiscal period 2018/2019, the highest cybersecurity threats were from malware attacks, amounting to 40.8 million, followed by 4.8 million attacks from botnet.
While the Kenyan banking system has adopted a digitisation strategy, the sector has not escaped cybersecurity threats. According to data from the United States Computer Emergency Readiness Team, cybersecurity threats such as Emotet can lead to losses of up to $1 million dollars to banking and digital payment systems in the country.
A study by the American-based investigative firm, Kroll, in its 2019 Fraud report, found that 84 percent of the companies that had been polled said they have been negatively affected by the fake news that has been spread about them.
In India, e-commerce firm Infibeam limited in 2018 lost over 70 percent of its market stock due to an alleged message about its financial practices, the Business Standard reported. This is just a tip of the iceberg to a growing number of threats facing companies globally.
But what can effectively be done to avert such crises?
According to the 2018 Africa Cyber Security Report, one of the solutions is to hire staff trained in the field. There are 60 percent of skilled staff in the industry, the report reveals, adding that if cybercrimes were dealt with, it could’ve saved the country $295 million as of last year.
On October 23rd, iLabAfrica, a company based in Strathmore University- Nairobi, came into to address the deficit in the industry by signing a Memorandum of Understanding with BCK Kenya and the Audit Consulting Project Management (ACPM) for its Security Operating Centre.
During the signing ceremony, Mikos Marton, an IT official at APCM said: “The need for a security operating centre is to address the limited resources for the industry, such as skilled people. Strathmore University’s iLab Africa will be key in providing the necessary resources, such as the engineering staff skilled in technology. The concept is that ACPM will be key in imparting information technology in them so they can help the industry.”
ACPM had sponsored a training programme for the delegation comprising BCK Kenya and iLabAfrica prior to signing the MoU.
Marton explains that ACPM, whose headquarters are in Hungary, will be monitoring the commercial centre of clients and academics at a 24-hour, 7-day basis. If there are any cybersecurity threats, the SOC will be able to see it from their dashboards and big screen monitors, jointly at either ACPM or iLabAfrica centres.
In an exclusive interview with the Hungarian ambassador to Kenya, Mr Lazslo Mathe confirmed that his country is no stranger to cybersecurity issues such as online theft, privacy violations as well as hacking for both private individuals and companies. He said the Security Operating Centre will lead in tackling cybersecurity challenges.
“Kenya stands out for being an example in the African continent for being among the fastest growing regions globally when it comes to Information Technology. Most of the individuals who are using technology are effective in its use. Unfortunately, they happen to be the targets of hackers, who want to cause them harm online. Thus the partnership between Hungary and Kenya when it comes to cybersecurity will be of importance to this sector,” he says.
According to a 2018 research by Legal Intelligence Week, Hungary reported eight incidences of cybersecurity while the Budapest Business Journal reported that both corporates and Small and Medium Enterprises in Hungary needed to have the skills to protect themselves from cybersecurity attacks.
“ACPM brings experience and expertise in the Security Opertaing Centre at iLabAfrica. It comes with an openness to learn the Kenyan market. The Centre will be a model that joins academia and businesses that will put both Hungary and Kenya on an equal footing,” the ambassador said.
Titus Nyoike, an Information Technology Specialist at BCK Kenya, an IT consultancy company, says the centre acts as an integrator that brings together various technology partners. To the iLabAfrica-ACPM collaboration, BCK Kenya will provide Level 3 support.
“CPM will provide Level 3 kind of support to the security operating centre. While iLabAfrica are the first people that the client will go to, ACPM will provide a platform that insures against cybersecurity threats, and detailed support after the local one from iLabAfrica as well as training and capacity building,” Nyoike says, adding:
“BCK Kenya is the client facing partner required to go to the ground and onboard clients to the platform.”
The target market for the Security Operating Centre will be commercial banks, the media, Savings and Credit Co-operatives (Saccos), academic institutions such as schools, Internet Service Providers (ISP’s), airports as well as insurance companies.
In an exclusive interview with this publication, Richard Oloo, the IT Security Manager at iLab Africa says that iLabAfrica is bridgin the gap for companies that require skilled engineers who can deal with cybersecurity issues but lack enough funding to pay them.
“There are small organisations that cannot afford to hire IT and system security engineering staff full time that can save business the disadvantages of cybersecurity. So instead of having an expensive internal IT team to work full time, these organisations opt to pay a subscription fee to iLabAfrica, who can handle such a service instead,” Oloo says.
“While BCK will be looking for customers, iLabAfrica will handle the cybersecurity part. We estimate that the service will be running by next month as there is already infrastructure in place.”
Oloo says that the equipment, such as monitoring screens, required to run the Security Operating Centre ranges from Kshs1million to 10 million. But the goal for iLabAfrica is to replicate the ACPM model in Hungary.
“The Centre works in Hungary where they have been able to provide the cybersecurity service to their citizens,” he concludes.