Following the recent WannaCry Ransomware attack that hit the world on Friday, May 14, Kenya’s Cabinet Secretary Joe Mucheru said on Tuesday, that the government was keenly following developments to safeguard people and corporations in Kenya.
The CS didn’t divulge more details about how this is being done.
“We have heightened our cyber monitoring and surveillance mechanisms to prevent and eliminate any remote possibility of attack”, explained Mucheru who was speaking at the Cyber-Security & Banking Forum organized by Citibank and the ICT Authority, where he challenged the financial services sector to improve information sharing and reporting on Cyber-security breaches.
“Breach notification eliminates the clandestine attempts by hackers to attack systems and enables synergized efforts towards the prevention of the criminal activity as well as their prosecution”, he said.
The ICT CS added that this would also aid in quantifying the exposure and resilience of organizations both in public and private sector to cyber security incidents. He further pointed out that although the financial services sector relied heavily on various financial technology to link to each other and the larger economy, it was yet come up to par in terms of Cyber-risk preparedness.
“With more than 75.3% of Kenyan citizens included in the formal financial services in the country, one would logically expect a corresponding increase in cyber security investments in the industry, statistics indicate this is not the case currently”, explained Mucheru.
The Kenya Cyber Security Report 2016 by Serianu indicated that about 44% of financial institutions run on a cyber-security budget of a paltry USD1 to USD1,000 annually, whilst another 33% of financial institutions in Kenya have zero spending on all matters cyber security. The report further noted that a whopping USD175 million has been pilfered from Kenya’s economy by savvy cybercriminals. Estimates show that cybercrime could cost the global economy up to USD575 billion in 2017.
The CS also said the cabinet has already approved and forwarded to parliament for debate the Computer and Cyber Crimes Bill that seeks to increase penalties for cybercrime and related corporate espionage. Once enacted, the new law will attract 25 years of imprisonment or a fine of Ksh 25 million or both. The Bill draws heavily from best practices elsewhere including the Budapest Convention on Cybercrime that was passed by the Council of Europe in 2001.
Unconfirmed reports claim 15 firms in Kenya have been affected by the WannaCry attack.