In recent years, business innovation and growth in Kenya has been driven by technology adoption. However, it has exposed the country to new emerging threats. According to the 2014 Kenya Cyber Security Report, the continued adoption of online and mobile banking services is leading to new threats of which, only six per cent of online banking portals have adequate online security.
“Cyber-terrorists, spies, hackers, and fraudsters are increasingly motivated to target our ICT infrastructure due to the increasing value of information held within it – driven by our growing dependence on them – and the perceived lower risk of detection and capture in conducting cybercrime as compared to more traditional crime,” noted William Makatiani Managing Director Serianu Limited.
The survey was carried out by Serianu Limited backed with the concern that in 2013 the number of cyber threat attacks detected in the Kenyan cyberspace grew by 108 per cent to 5.4 million attacks compared to 2.6 million attacks detected in 2012. According to the company’s report, 33 online banking portals were sampled, in which only two banking portals were found to have adequate online security deployed on their web application. More so, majority of the web applications reviewed, were found to lack strong encryption thus susceptible to phishing attacks, the report said.
Other than that, with the continued popularity of Mobile money adoption in the region, criminals have been drawn to the new money transfer channel. In 2013, the study noted an increase in mobile money fraud targeting individuals and organisations in which, the fraudsters were discovered to be getting innovative and very fast on finding loopholes in new controls implemented by merchants, banks and consumers.
While cyber networks are vulnerable, there have been numerous attempts to penetrate cyber networks operating in Kenya. The attacks observed were found to originate from the cyber space of a number of countries including Kenya. Attackers were found to be compromising computer systems located in Kenya and using masquerading techniques and hidden servers to hide the identity of actual system from which the attacks are being launched.
In all, the report concluded that as the country moves forward, an understanding of the increasing security risks and how to manage and mitigate them must be emphasized and accelerated at all levels, from government, internet service providers, public and private organizations, citizens to students. Organizations must also establish and maintain adaptable security policies, processes, and infrastructure that can be used to coordinate response to ICT security threats.
Lastly, apart from continuous training to ensure security practitioners secure critical ICT infrastructure, the report noted that there is a strong need for defined security processes, better intelligence and continuous monitoring.