COUNTRY FOCUS
Teddy Njoroge, Country Manager ESET East Africa
committing offences. For example, if an offender accesses a computer system with the intent of facilitating another crime under law, they will face a fine of Sh10 million or imprisonment for a term of up to 10 years, or both.

Changing motives

Njoroge identifies three verticals which are particularly vulnerable when it comes to cyberattacks; these include banks, governments, and SACCOs and microfinance institutes: “The motives for data breaches are increasingly financial. This makes banks more of a target than ever. 2016 saw more attacks targeting Kenyan banks ranging from insider threats to spear phishing and ransomware attacks. Banks are getting hit through their web applications, Internet and mobile banking platforms.

“The government has also been a prime target for cyberattacks. This is attributed mainly to the huge volumes of critical confidential social and economic information. In April 2016, the Minister of Foreign Affairs suffered a cyberattack in which a trove of data amounting to 1 terabyte was stolen and leaked to the dark web. The stolen data included confidential and non-confidential email conversations, security related information, trade agreements and letters on the Sudan’s security situation in the form of PDF or Docs.

“SACCOs, cooperatives and microfinance institutions are rapidly growing in Kenya. However, these organisations are so focused on customer satisfaction and reducing costs that they tend to neglect investment in cybercrime prevention. This has made them a popular target for cybercriminals.”

Njoroge says investments in cybersecurity made in Kenya tend to focus on endpoint security, but claims Kenyan enterprises tend to suffer from an over-reliance on cybersecurity offered free by digital service providers, leaving them susceptible to cyberthreats.

Email security is essential

Ransomware and insider threat are frequently identified as the biggest cyberthreats currently facing Kenyan enterprises. In addition, Pinnock highlights malware and social engineering as two particularly relevant cyberthreats in Kenya currently: “Both kinds of attacks start with a simple email in 9 out of 10 cases. Email systems need to be secured. This needs to go beyond simple anti-virus and anti-spam technologies of the past. It needs to include advanced threat protection from the types of targeted threats that have become so pervasive in the last few years.”

Njoroge also believes this should be a priority for organisations: “Companies should train their employees to spot socially engineered emails, to cautiously open emails, be certain before downloading any attachments and to report any suspicious emails which have been dropped into their inboxes.”

Securing the enterprise

Njoroge highlights the following as crucial investments for CIOs to increase cybersecurity:

• Cybersecurity awareness training: 90% of all cyberattacks commence with phishing. As such, CIOs need to invest in training to fortify employees against savvy cybercriminals
• Reputable endpoint solutions which are updated in real-time against the evolving techniques of modern day cybercriminals, with features such as anti-spyware, antimalware, HIPS and anti-spoofing
• Periodic security audits to detect and prevent any vulnerabilities within their environment
• Data loss prevention solutions to curb against the possibility of compromise introduced from bring your own device usage within organisations. CIOs must set policies and guidelines regarding the insertion, use and retrieval of data within their organisation’s environment and enforce those guidelines using DLP technologies
• Encryption solutions to protect particularly sensitive data, to safeguard their customers’ information as well as their organisation’s reputation.

Enhancing Visibility and Increasing Awareness

Preparedness, in terms of technical and awareness training for employees, is frequently cited as a crucial step towards securing a safer cyber-future for your enterprise.

Florian Malecki, International Product Marketing Director at SonicWall, describes this method as the ‘human firewall’: “The employees and individuals associated with enterprises need to be constantly educated and updated on the latest threats and how they themselves can be a vulnerability. They need to ensure that devices brought to work and connected to the network are secure.”

Njoroge concluded: “Cybersecurity infrastructure needs to be rethought as an operating expense rather than a capital expense on the company balance sheet. Digitisation will continue to disrupt and evolve businesses in Africa, enterprise executives need to understand that cybersecurity is part and parcel of their digital strategy and should appropriately budget for it.

“Companies also need to collaborate to hedge themselves against the evolving threat of organised cybercrime. As cybercriminals collaborate, innovate and execute collectively, enterprises continue to have a siloed approach towards how they combat cybercrime. This enables cybercriminals to innovate quicker, attack faster and extort more funds from intimidated enterprises.”

Kenya Cyber Security Report 2016: Achieving Cyber Security Resilience

Summary of findings

According to the survey findings, 98.8% of respondents have a general understanding of what cybercrime is. With the many advances in information technology and the transition of social and economic interactions from the physical world to cyberspace, it’s expected that the majority of individuals have a general idea of what cybercrime is.

• 93% of organisations are concerned by cybercrime, while 3% are not concerned.
• Cybercrime is a problem rooted in technology, say 34% of the organizations: 34% believe it’s rooted in technology, while 22% believe it’s rooted in the society.
• 93% research on cybercrime regularly, but 7% have no time allocated to this.
• 71% of respondents have experienced cybercrime in the last 5 years, at work or in a personal capacity.
• 63% of organizations allow the use of Bring Your Own Device (BYOD), while 38% don’t.
• 51% have a BYOD policy, while 41% of organizations don’t have BYOD Best Practice Policies in place.
• More than 42% of organisations do not regularly train their staff on cyber security: 42% are not given training or get training only when an incident occurs, and 35% are trained annually.
• 84% of the victims have suffered negative impact from cybercrime, e.g. loss of money, downtime, inconvenience, psychological harm and loss of reputation.

Summary of findings from Serianu’s ‘Kenya Cyber Security Report 2016’. (Source: Serianu)
INTELLIGENTCIO
41