CYBER-SECURITY is still a major issue for business in East Africa’s biggest economy. In fact, according to Africa’s Cybersecurity report, the cost of cyber-attacks in Kenya is approximately US$210 million with the most vulnerable being SMEs and particularly those in the financial services sector. In addition, there is a huge talent gap that exists with the number of qualified cybersecurity experts in Kenya estimated at 1 600 against the expected demand of 40 000 professionals.
These figures are concerning as, if we consider the move towards digital transformation, and growth of cybersecurity threats, organised cybercrime is no longer just a boardroom headache; it’s increasingly a very personal one and companies need to look at more effective ways to manage their cybersecurity.
TechnoAfrica interviewed Riaan Badenhorst, the General Manager at Kaspersky Lab Africa, on the issue. Below are the excerpts:
TechnoAfrica: What threats are on the rise that Kenyan companies need to be aware of?
Badenhorst: The threat landscape in the second quarter of this year gives us lots of cause for concern regarding mobile users’ security. The overall growth in mobile malware installation packages – especially associated with banking – demonstrates that cybercriminals are constantly creating new modifications to their malicious software to make it more sophisticated and discreet for cybersecurity vendors to detect
In fact, in the second quarter, we detected and repelled 962,947,023 malicious attacks from online resources located in 187 countries around the world – this is over 20 percent growth against the previous period. Attempted infections by malware that aims to steal money via online access to bank accounts also grew by over 5 percent in comparison with Q1 2018: such attacks were registered on 215,762 user computers. Users and the industry should be extremely cautious and vigilant in the coming months as the trend continues to grow.
Additionally, we are also seeing a rise in ransomware. Just look at Wannacry for example. The Communications Authority of Kenya reported that it received reports of the encryption based cyber-attack in form of ransomware. The ransomware infects window-based computers, denying the user access to the computer until a ransom is paid. Ultimately the virus tries to infect other computers within the organisation and demand a ransom from each infected computer which may leader to operation halt and force the hands of many organisation to pay in order to resume work. In 2017 alone, a total of 19 companies where hit by these attacks.
What makes Kenya an attractive/lucrative market for cybercriminals? Why Kenya of all countries in the region/continent?
A:There are many factors that can make a country or companies within a certain country vulnerable to attacks and there are few things that may be the cause of cybercrime:
Existing gaps in existing cyber security laws – policies, laws, regulations or lack of support from top-level management
Lack of awareness or investment in information security.
Shortage of information security experts in the country.
Poor information security policies in organisations.
Lack of support from top-level management.
Kenya is a growing digital economy. As Internet usage grows and given the fact that cybercriminal activity is advancing globally, with more businesses in Kenya relying on technology, connecting to more devices, as well as aspects such as Bring Your Own Device (BYOD) and the Internet of Things (IoT) for work and social purposes, this opens up any business and person to the world of security threats. And where there is opportunity, there are cybercriminals.
The financial services sector and SMEs appear the most targeted. Is there a reason why specifically them?
According to Africa’s Cybersecurity report, the cost of cyber-attacks in Kenya is approximately $210 million with the most vulnerable being SMEs and particularly those in the financial services sector. This is because with digitalisation transforming economies, more and more businesses are automating services, relying more on technologies which opens them up to new vulnerabilities. In fact, attacks on ATMs continue to rise with attackers looking at ways of infiltrating bank infrastructure and payment systems using sophisticated malware.
From a SME perspective, while it may seem small and unattractive to cybercriminals, given that small businesses often lack the resources (capital and human) to expertly and securely manage their IT infrastructure, they can be easy targets.
Regarding a huge talent gap that exists with the number of qualified cybersecurity experts in Kenya against rising demand, how should government and stakeholders address this?
A: There is a huge talent gap that exists with the number of qualified cybersecurity experts in Kenya estimated at 1 600 against the expected demand of 40 000 professionals. These figures are concerning as, if we consider the move towards digital transformation, and growth of cybersecurity threats, organised cybercrime is no longer just a boardroom headache; it’s increasingly a very personal one and companies need to look at more effective ways to manage their cybersecurity.
However, this is not just a Kenyan issue. Businesses around the world are experiencing a talent shortage in their cyber security divisions. In fact, the lack of qualified IT security talent remains a prevalent issue for businesses around the world. A study by Frost and Sullivan estimates 1.5 million cyber security positions will be open and unfilled by 2020.
IT security has become a central element of our digital lives, but it is not necessarily a topic that attracts a huge amount of talent – although people working in the industry can expect secure, highly paid and challenging jobs. As such, it is critically important that government and stakeholders raise awareness and build capacity be able to address the issue and balance the demand in the market.
What, according to Kaspersky is the solution to the cybercrime crisis in Kenya?
In a highly competitive environment where the consumer is king and can look for any excuse to change brands, Kenyan companies can’t afford not to factor in the brand reputation damage that a cyber-attack can have on a business. Brand reputation is critically important. The sooner an organisationrealises that it is only a matter of when, rather than if, it gets hacked, effective pro-active cyber security processes can be put in place – which is exactly what businesses need to do to be prepared.
As a starting point, firstly, Kenyan businesses must access their security needs and choose a reliable and comprehensive security solution that will make it easier to protect the business’s IT infrastructure. The right security solution will offer tools that include device security for different operating systems, traffic filtration and software updates. Secondly, once the solution is in place, the business must work with specialists or IT departments managing the solutions, to ensure that the solutions are consistently operational. Lastly, it is criticallyimportant to develop a cyber security policy for the business – one that clearly outlines all aspects linked to cyber security and the steps that should be followed and adhered to by all staff. This of course should be shared with all employees and enforced.
Cyber security today is as much a defensive strategy as it is an offensive one. A strategy that incorporates a threat prevention, dictation, response and prediction scope is a successful one. A business must ensure that the right cyber security technologies and solutions are in place to provide the business with peace of mind that their most important asset will be protected – their data. The financial consequences or damage to brand reputation as a result of a cyber-attack could be devastating for a business – no matter the size.
How is Kaspersky contributing to addressing the crisis and how has the response been to Kaspersky input from government and stakeholders?
We believe that everyone – from home computer users through to large corporations and governments – should be able to protect what matters most to them. Whether it’s privacy, family, finances, customers, business success or critical infrastructure, we’ve made it our mission to secure it all. We succeed in this by delivering security expertise, working closely with international organisations and law enforcement agencies to fight cybercriminals, as well as developing technologies, solutions and services that help businesses and consumers stay safe from all the cyberthreats out there. GReAT, our Global Research and Analysis Team, is an elite group of security experts, who operate all over the world and provide leading anti-threat intelligence and research. The team is well-known for the discovery and dissection of some of the world’s most sophisticated threats. Additionally, to effectively fight cybercrime, we cooperate with the authorities of many countries, including international law enforcement agencies along with commercial and public entities, providing technical consultations or expert analysis of malicious programs as we believe that protection begins with education. – TechnoAfrica