Cyber Security in Kenya: The advent of technology has been a double edged sword. On one hand, it has provided businesses with an efficient, easy-to-use platform on which profit and growth have been accelerated. On the other hand, it has also given leeway to cyber threats.
With Kenya’s fast-growing cyber connectivity, many businesses have found themselves exposed or operating in vulnerability to cyber threats. For example, according to a report by IT Solutions firm Serianu, Sh. 18 billion was fraudulently withdrawn from numerous bank accounts in 2017 in a series of cyber-attacks. In the same year, banks lost a whopping Sh. 21.2 billion to such attacks. Additionally, according to a report by the Communications Authority of Kenya (CA), the National Cyber Security Centre (NCC) detected over 3.8 million cyber threats in the first quarter of 2018-2019.
Granted, cyber-attacks will not wilt any time soon. For instance, in Kenya, there’s barely a day that goes by without a major data breach and, or an organization or business that has unsuspectingly fallen victim to ransom ware, spear-phishing or impersonation fraud. “Cyber risk can crystallize in various forms such as an attacker cracking an admin password to gain unauthorized access to company systems. A distributed denial of service attack, where the organizations servers or network resources are flooded with internet traffic by multiple compromised computer systems or IoT devices with the aim of making them crush or slow down,” says Wangui Muchui, a IT analyst.
This is echoed by Rick Rogers, a director at a regional software firm. “Given that African countries are a choice target for cybercriminals, we need to recognize the continent as an important region for growth and investment. It is therefore important for organizations across the continent to have greater access and direct services required to deliver unprecedented protection against current and potential attacks,” he says. Alarmingly, mobile attacks on Kenyan companies are growing in prevalence. This is despite the effects of major malware such as cryptominer, and banking Trojans. “When comparing the impact of these attacks to the global market we find that Kenya averaged 25 per cent to 35 per cent higher between January and August this year 2018. This must not to be taken lightly,” says Rogers.
Evidently, this then makes it a paramount necessity for businesses to employ cyber-security guards. Unfortunately, there have not been many reputable firms offering cyber-security services in Kenya. In January, though, leading telecommunications firm, Safaricom ventured into the cyber-security solutions field in a move that also came as a diversification of its business units. According to Safaricom chief executive officer, Bob Collymore, the new venture is tailor-made to cater for every need. “We developed this proposition based on the awareness that customers have unique needs and different budget levels,” he says. Interestingly, the cyber security offering from Safaricom is designed to not only to offer efficiency, but also accord value on its solutions.
Under the Safaricom security products, companies, enterprises, and individuals will be able to secure their emails, websites, manage vulnerabilities, test and audit I.T systems, and access real-time monitoring services. Safaricom will also provide businesses with data service and dedicated solutions for data storage, hosting, and other security problems. “The cyber-security services generally include managed security solutions, security assurance and advisory services, and managed security operations center solutions,” says James Ndegwa, an IT expert based in Nairobi.
Strikingly, there have also been attempts to nip cyber-attacks in the bud through legal frameworks. For example, in Kenya, the Computer Misuse and Cybercrimes Act provides specific penalties for cyber-crime offenders.
Notably, most businesses have shied away from getting cyber-security services due to the high costs that are commonly cited. For example, says Mr. Ndegwa, chief security officers will often tend to cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. “They also note that their security departments are increasingly complex environments with 65 per cent of organizations using 6 to 50 security products, which rapidly increases their cyber vulnerability,” he says.
When properly adapted, though, the benefits of cyber-security solutions are limitless for businesses. For example, according to a 2018 Vodafone report, 48 percent of cyber ready businesses have reported more than 5 percent increases in annual revenue as well as high stakeholder trust levels. “The need for local businesses to partner with security specialists that can help them remain one step ahead of the game is essential,” says Rogers.