The Kenyan government and local technology firms see taking up cyber insurance as a key measure in the process of heightening surveillance and protection of their critical networks and infrastructure amid a rising threat from cybercriminals targeting suppliers. Known as supply chain attacks, these breaches are the latest tool in a vast arsenal being employed in cybercrime.
Speaking at the close of this year’s edition of the ISACA Conference, Dr. Kipruto Ronoh, the acting Director at the ICT Authority, said that supply chain threats were increasing and becoming more severe and sophisticated.
“Even as we expand and intensify our coordinated law enforcement efforts on data security, our analyses of past incidents show that the threat actors are becoming more malicious and their attacks more severe,” he explained, adding that the government had identified third-party suppliers, especially of online services, as key attack targets. Taking up cyber insurance policies, carrying out deep assessments, and signing strict compliance agreements are some of the expected steps to be taken to raise protection.
A recent survey by the Ponemon Institute showed that 56 percent of organizations have had a breach that was caused by one of their suppliers and the average number of third parties with access to sensitive information at each organization has increased from 378 to 471. At the same time, only 35 percent of companies had a complete list of all the third-party companies they were sharing sensitive information with, and 18 percent of companies knew if those vendors were, in turn, sharing that information with other suppliers.
Wycliffe Mabwa, Vice Director of Assurance and Managed Services at Huawei Kenya, recommended a thorough assessment of critical suppliers by understanding every component and material they use, controlling access for hardware and software, using the latest patches, establishing an accountability process for supply chain security risk management, and collaborating with them to recover and respond in case they are attacked.
“This means maintaining an active interest in the cybersecurity apparatus implemented by your suppliers across the board,” he noted.
Most commonly, attackers look for the weakest links in a supply chain by, for instance, targeting small vendors with no cybersecurity controls or open-source components with a small community or lax security measures. Typically, the cyber threat actors will compromise one organization and then move up the supply chain, taking advantage of these trusted relationships to gain access to other organizations’ environments. They do this by adding backdoors to legitimate and certified software or compromising systems used by third-party providers. These attacks are difficult to detect with elementary defenses.
The COVID-19 pandemic may have exacerbated the situation by transforming modern business and pushing many organizations to remote work and cloud adoption when they might not have been fully ready to make the move. As a result, security teams – which are often understaffed due to the cybersecurity skills gap – are overwhelmed and unable to keep up.