advertisement
The Future of Cyber Security in Kenya
Kenya has been dubbed the Silicon Savannah, a term that has spearheaded startups and investments both locally and internationally. As…
Kenya has been dubbed the Silicon Savannah, a term that has spearheaded startups and investments both locally and internationally. As a Silicon Savannah, the focus was only on the advantages that the term brought to Kenya, though reports are showing this is also causing Kenya to be a hub for cyberattacks.
According to a 2018 report by Checkpoint Software Technologies dubbed, “Welcome To The Future of Cyber Security” Kenya is currently on the rise with 2018 major malware types globally citing ransomware, cryptominer, banking and mobile.
Globally ransomware attacks on average impacting on organizations range between 2% to 8% whilst in Kenya the ransomware attacks on organizations are 4% to 16% as of July 2018.
advertisement
In an interview with Andrew Voges, Threat Prevention Sales Leader, Middle East and Africa on the impact of ransomware in Kenya. He said, “If a company has had a ransomware incident, it takes a company roughly 10 days to remunerate from a user perspective hence how much does a company lose in 10 days it could be millions. There is a big impact in regards to money.”
Globally cryptominer attacks on average impacting on organizations range between 16%-38% whilst in Kenya the ransomware attacks on organizations are 52%- 82% as of July 2018 read the report.
“On the top 5 of the cyberattacks we’ve got three cryptominers and some of these cryptominers can be launched from a webpage, it is as easy as opening a webpage and that launches malware into your system. It actually uses your resources to do cryptomining for the bad guys,” Voges said.
Globally banking trojans attacks on average impacting on organizations range between 3%-6% whilst in Kenya the attacks on organizations are 7%-23% as of July 2018, whilst globally mobile attacks on average impacting on organizations range between 16%- 28% and in Kenya the mobile attacks on organizations are 44%-70% as of July 2018 read the report.
advertisement
On how Kenya can mitigate the risks of cyberattacks Voges said, “If you look at the gap between global trends and Kenya it means that the security measures that the organisations have put in place is not sufficient. What we see from insights and this is not just from our own but from intelligence perspectives feeds coming from other vendors like Cisco, McAphee, on banking trojans, cryptominers, ransomware and mobile currently means that the security measures are not in place.”
“Kenyan organisations need to start thinking about the future because I think the mentality is all about what they are currently trying to fix from a security perspective. Do they have the right solutions on a network, that’s where they are focusing on and is what is going wrong now, instead of thinking that they have to start looking other advance technologies,” he added.
Shifting Kenya’s mindset is crucial in this fight on cyberattacks especially from the current to the future is very important not just from a financial perspective but from a management perspective and operations perspective.
“What we see from a global perspective is a drive towards consolidation and I think from a Kenya perspective that also needs to take an effect. Kenya needs to start looking at the holistic approach of security. A solution that is going to give you the insight of what it is currently happening on a security perspective and also mitigate the risk,” Voges stated.
advertisement
Since the fight on cybercrime started three elements have been spoken on in order to curb the continuous rise of cyberattacks. People, processes and technology are the three elements for a successful organizational transformation. Tightening all the three areas should ensure the thriving of one’s organization as they are a vital part of security.
“In human vulnerabilities, education is key. In cases of phishing, a bad guy gets into your system/ to either initiate a ransom or getting information on your company. If your employee is not aware that a link on their email can be malicious, they will click on that link. It comes down to education and this is where internal communication is key because you need to educate internally,” he added.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, password and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. It is currently on the rise as one huge cyberattack. Phishing is not just coming on your desktop and email anymore it is also coming on your mobile so you have to secure the devices from a technology perspective and drive the policy as a corporate through the process. But education is key because you are not 100% secure with any technology.
There’s a drive to cut down cost to be profitable. A move to see this in effect with big organizations, global organisations is through cutting down costs such as hardware cost, services, maintenance, power, organisations look at all things to drop cost and make them profitable.
This is the way Bring Your Own Device (BYOD) came into play because earlier, companies used to supply cellphones and mobile devices to the users but it costs too much, there’s contract cost, insurance cost.
“BYOD makes it easy for you to save those costs, the users can still use their phones but the work applications are private with mobile device management and security. If you’ve got the right security that protects you against the different vectors on a mobile phone, you will be secure. You can then mitigate as well up to 99%, you can block access to corporate resources because that is the important thing. You definitely don’t want to block the user from their device as the user is the only one sharing their information with the corporate,” Voges concluded.
The idea is that as an organization you have to have a multilayered approach to the different surfaces and mobile is one of those surfaces.