ICT CS Joe Mucheru calls for information sharing and reporting on Cyber-security breaches

Joe Mucheru, Cabinet Secretary in the Ministry of Information and Communication Technology (MoICT) challenged the financial services sector in Kenya to improve information sharing and reporting on Cyber-security breaches.

Speaking at the Cyber-Security & Banking Forum organized by Citibank and the ICT Authority, the CS said standardized reporting would also help in quantifying the exposure and resilience of organizations both in public and private sector to cyber security incidents.

This comes after the last week’s worldwide WannaCry ransomware atttack, that spread rapidly around the globe by exploiting a vulnerability in computers running unpatched versions of Microsoft’s Windows Operating System affecting some major hospitals.

“Breach notification eliminates the clandestine attempts by hackers to attack systems and enables synergized efforts towards the prevention of the criminal activity as well as their prosecution”, he said.

“In the aftermath of ‘Wannacryptor’ ransomware attack we can see from statistics a trend that indicates potential under reporting of both successful and unsuccessful attacks especially noting that over eighty percent of personal computers and servers in Kenya run on the Windows Operating System”, he explained.

Internet security company ESET East Africa has added its voice to the call for legislation to compel organizations to share or release information to a supervirosy authority, affected individuals or organizations in case of cybersecurity breaches.

According to Teddy Njoroge, ESET Country Manager in charge of Kenya, Uganda, Tanzania and Rwanda, this would help responsible branches of government, businesses as well as Cybersecurity services vendors to keep ahead of cyber-criminals.

“Due to the siloed and secretive manner in which breaches are reported in Kenya, another attack similar to ‘WannaCryptor’ ransomware could be devastating if directed to critical institutions such as health, government and especially the financial services sector”, He said.

ESET recorded eight ‘Wannacryptor’ attack attempts in Kenya during the period May 14th to 16th 2017. In Africa, worst hit was Egypt which recorded 1,592 attempts followed by South Africa at 386 and Nigeria at 42 attempts out of the 15 countries that registered attack attempts.