The Kenya government is in the final steps to introduce stiff penalties to cybercriminals if its latest bill passes parliament and gets presidential assent into law.
“We have the Computer and Cybercrimes Bill, 2016 which is headed to parliament. We want to introduce stiffer penalties for cybercrime and online corporate espionage,” said Mr Mucheru when he presided over a funds drive to improve the infrastructure of Lenana School.
Mr. Joe Mucheru, the ICT Ministry Cabinet Sectretary said the bill if passed into law will see cybercriminals get 20 years in jail or Ksh 20m ($194,000) in fines or both if convicted. However, he also urged the private sector to bolster investment in cybersecurity to curb the growing incidences of cybercrime targeting Kenya’s digital economy.
Mr. Mucheru urged the private sector to invest in cybersecurity infrastructure to complement ongoing Government efforts to curb the vice, citing investment opportunities for players in the internet security space to ensure security infrastructure matches current threat trends.
The Kenya Cybersecurity Report 2016 published by Serianu Limited, estimates that about 44% of financial institutions run on a paltry cybersecurity budget of $1-1,000 annually, whilst about 33% of financial institutions in Kenya have $0 spend on all matters cybersecurity.
“With more than 75.3% of Kenyan citizens formally included in financial services, one would logically expect a correspondent increase in cybersecurity investments in the financial services sector. Regrettably this is the opposite in the case of Kenyan banks,” said Teddy Njoroge the ESET East Africa Country Manager during the recent Connected Summit 2017.
Mr. Mucheru said jobs were moving online with the freelancing economy in the United States clocking US$1 trillion and about 34 percent of Americans working online.
“The very essence of introducing Ajira Digital in partnership with Rockefeller Foundation and the Kenya Private Sector Alliance was to tap online job opportunites for the youth. We will not relent on this initiative because of challeges posed by cybercrime,” he added.
Over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent, this is according to the Cisco 2017 Annual Cybersecurity Report.
In the report, Chief Security Officers cited budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. Business leaders also revealed that their security departments are increasingly becoming complex environments with 65 percent of organizations using between six and 50 security products, thus raising the potential for security effectiveness gaps.
The CS urged local businesses to focus on opportuities in addressing potential challenges around Internet of Things (IOT) and mobile communications that are fast becoming new targets of attack by cybercriminals.
“In the next one year we expect that over 40 million new devices, mainly smart phones will be imported into the country, all these are potential new targets especially if users are ot aware of the cyber risks,” he explained.
While it is laudable that up to 63% of financial organisations in Kenya have an in-house cybersecurity department, the Serianu report 2016 indicates that only 29% of the employees within in-house cybersecurity departments in financial organisations are cybersecurity trained certificate holders.