CyberSecurity experts have urged the insurance and banking sector to implement their security levels in Information Communication Technology (ICT) practices.
Currently over 20 million Kenyans access the internet through mobile devices, many of who use the same single device for personal, business and official work purposes.
According to ICT security company, ESET East Africa, the recent spike in cases of cyber attacks and breaches in the financial services sector is attributable to the slow pace of implementation of ICT security protocols.
Speaking at the quarterly CIO East Africa industry breakfast, Alistair Freeeman, Chief Executive Officer, ESET East Africa, said there still exists a huge gap between the speed banks and insurance companies are deploying technology solutions and the rate at which they are adapting these solutions onto secure frameworks.
“We have seen businesses move from using single static device environments and onto multi-layered devices and even cloud technology platforms. This means that we should be pushing for a synchronized security environment where aspects of security are shared at all levels of business“, said Freeman.
The Central Bank of Kenya (CBK) is said to have since taken positive steps in addressing the attendant security risks in the sector. Recently it ordered a full ICT Security system audit for all banks and insurance operators.
According to Freeman as companies invest in and integrate more ICT systems onto their processes there is an inadvertent increase in their risk profiles. These he said should be tested and re-tested regularly to wipe out loopholes.
“ Even with the highest level of security investment, the human element remains the weakest link within organizations especially where the Bring Your Own Device (BYOD) culture sustains. Noting that mobile malware is among the biggest emerging threat in cybersecurity today, a weak user proficiency policy among staff on ICT security matters is a major threat to any ICT security efforts“ he explained.
iiFreeman said that education and awareness on cybersecurity risks is the only way towards acheiving ICT Security maturity among staff and if the industry is to turn the tide in the fight against cybercrime.