Kenya’s financial services sector, in particular its banking, is the largest, fastest-growing, and most mature in East Africa. This means that it is also an attractive target for ransomware and malware attacks, particularly as digitalisation continues to change the game for banking.
The Data Protection (General) Regulations, 2021, which came into effect in December 2021, have highlighted the importance of protecting this most important asset. The reality is that ransomware prevalence is so high that an attack is a matter of ‘when,’ not ‘if.’ Ignorance can no longer be used as an excuse for not protecting data.
Same risk, increased awareness
Although digitalisation has changed the way financial services in Kenya operate to a certain extent, the risk to data remains essentially the same as it ever was. If malware breaches occur, or data is lost or deleted, there is a risk to business that can have detrimental consequences. With the General Regulations now in force, there is increased awareness around the need to protect data, in line with international trends and best practices. While data protection has always been important, it is now mandatory because it is regulated.
Education is key
Data security remains the biggest issue facing financial services organisations in Kenya, and gaps in data protection mean vulnerabilities that can be exploited by malicious actors. With ransomware and other attacks on the increase, it has become imperative to address these gaps in a more proactive manner. This starts from the inside, with internal processes and education on the risks and the need to safeguard data, particularly personal information. Financial services and other organisations need to become stricter in how their internal users interact with data and become more proactive in monitoring, detecting anomalies, blocking suspicious activity, and essentially protecting data as a whole.
Starting from the top
The first step in protecting data is the ability to identify critical and/or sensitive data as well as the risk that it is exposed or potentially exposed to. This requires an intelligent solution to help identify and highlight sensitive data that is either at risk or stored incorrectly. Once it has been identified it can be proactively protected or moved to more appropriate storage to avoid exposure and data leakage. Once again, however, this begins with awareness, because if organisations do not know what data they have or where it is, it cannot be protected effectively. Proactive solutions are also essential because reacting to an event after the fact means that it is more difficult to recover efficiently or at all.
Financial services are the foundation
Trust in financial systems is imperative for the stability of countries, and the trust of customers is the number one determinant of success. These businesses are also large enterprises entrusted with extremely sensitive personal information. This not only makes them attractive targets for ransomware, but it also means that the reputational damage of an attack can have catastrophic consequences.
Having a trusted partner that is a specialist in data protection is essential in helping financial services organisations in Kenya keep up with the dual challenges of increased attacks and a growing body of legislation. A complete protection solution, offered via Software as a Service (SaaS) through a trusted partner, helps financial services organisations to identify sensitive information and security gaps, be proactive in preparing for an attack, and react efficiently and effectively to protect data, their most important business asset.
Written by Bar Hori, Regional Sales Executive at Commvault for Africa.
For more of this content, register for the Africa Fintech Summit, 2022.