and will go a long way in fighting the
epidemic currently gripping the country. The
new legislation will assist in capturing and
prosecuting these cybercriminals but what
happens if you’re the victim of an attack
before they manage to track these malicious
actors down?
The cyberthreat landscape has evolved
dramatically, hackers are smarter and
more sophisticated, they have formed
communities and share ideas and pursuits.
Many organisations think that defending
against spam, viruses and malware is
enough, but attacks have changed. Hackers
moved on years ago to using malicious URL
links found within emails and documents
and in recent years we’ve seen a significant
increase in impersonation attacks using
social engineering.
A recent global study by Mimecast and
Vanson Bourne saw that 92% of surveyed
organisations had seen targeted spear-
phishing attacks with malicious links in
the past 12 months. A total of 87% had
witnessed email-based impersonation
attacks asking to initiate wire transfers.
We’re also seeing insider threats gaining
www.intelligentcio.com
traction and a recent trend of supply
chain attacks from so-called ‘trusted’ thi rd
parties. The criminals are always one step
ahead in this war and organisations are
battling to keep up.
Unfortunately, organisations are relying on
mediocre email security that only touches
the surface when it comes to protecting
their business from threats. C-level
executives are failing to see the importance
of having advanced security, leaving IT
decision makers to fight an uphill battle.
Astonishingly, according to Serianu, as many
as 10% of Kenyan organisations have zero
budget allocated to cybersecurity products.
Even more unbelievable is that this is an
increase from 6% last year. Plus, the lack
of skills in the country makes this war even
harder – the study reports that there are
only an estimated 1,600 certified security
professionals in Kenya.
With these factors in mind, it’s not surprising
that the government has had to take steps
to help curb the growing instances of
cybercrime but it’s apparent that for many
organisations it’s only a matter of time until
they become the next victim.
Relying on the basic security provided by
cloud email providers is a huge risk that
could dramatically impact productivity,
business operations or even bottom line.
Furthermore, relying on defence only is no
longer enough. Organisations need to be
prepared for the possibility of a successful
attack and have risk mitigation techniques
in place.
This involves ensuring the stability of your
entire email environment before, during
and after an attack, by implementing a
cyber-resilience strategy for email. So, if a
breach occurs, you can keep email flowing
with a continuity service and recover from
ransomware quickly, with an archive service
that allows you to recover data to the last
known ‘good’ state.
The new cybercrime bill is a crucial move
in Kenya’s cybercrime war, but it’s up
to all organisations to play their part.
Laws can only do so much to protect
businesses; leadership teams need to
take responsibility and create a culture
with targeted programs geared towards
safeguarding their employees, customers
and business partners. n
INTELLIGENTCIO
45