Cyber-security concerns rise as more websites are attacked

By Macharia Kamau

Tens of websites run by the private sector as well as State agencies were last week defaced. Among the websites tampered with include that of the Competition Authority, the National Biosafety Authority and the Kenya Agricultural Productivity Project (KAPP).

KAPP is a government project partly funded by the World Bank. It contributes to the revamping of agriculture through institutional reforms. Some of the websites had been restored by close of business Friday.

 The attack also affected local firms. It is however not the first time that there has been such an attack on Kenya’s cyber-space, and a reminder of the country’s vulnerable.

There have been numerous instances where local private and public sector organisations have had their websites defaced. An incident that happened last year saw more than 100 websites run by State agencies tampered with. There have been instances where Authorities have brushed off previous attacks as non-lethal — with the perpetrators seen as programmers showing off their skills.

.

Keep Reading business

•  SIB partners with CISI to elevate professional standards and enhance financial advisory skills among staff
•  Angola ICT Minister: Invest in space industry to ensure a connected, peaceful Africa
•  NCPB sets in motion plans to compensate farmers for fake fertiliser
•  Governors reject revenue Bill, demand Sh439.5 billion allocation
•  Firm linked to fake fertiliser calls for arrest of Linturi, NCPB boss Premium

 The attacks, whose frequency has been growing at an alarming rate, brings to fore the low level preparedness in Kenya.  Analysts warn that hackers could launch a major attack, leading to massive losses.

Private entities

The Communication Commission of Kenya recently set up the Kenya Computer Incident Response Team (KE-CIRT) to handle cyber-attacks on both public and private entities in the country — but is seen to reacting slowly in fighting cyber-crime in Kenya.

Industry players say government programmes take long to roll out, which has in the past hampered the effectiveness of the KE-CIRT). Sam Keiru Dimension Data’s pre-sales lead for East Africa told a recent cyber security conference that the State should leave the  private sector take the lead in the initiatives aimed at fighting cyber-crime to yield better results.

 “State initiatives take time roll out. Even then, people do not trust governments. It would be easier and fast if these initiatives are driven by the private sector,” he said.

“A CIRT that is private sector driven would mean we have a pool of skills that understand the threats and have mechanism to respond early enough to prevent a threat from taking place. Such a skill set can then be outsourced to organisations as firms realise that setting up such a unit internally is high.”

He noted that the level of threats by cyber criminals has over time escalated. “We are unprepared for the threats … there are enterprising criminals out there offering denial of service attacks, meaning that a threat to an organisation might not necessarily be an IT expert by someone motivated enough to hire the services of such criminals,” said Keiru. Other initiatives targeted at increasing awareness as well as fighting crime on technology platforms include the Public Key Infrastructure and a planned National Cyber-security Master plan.

Among the sensitive websites  attacked included the Kenya Police Service, the Central Bank of Kenya. The International Telecommunications Union (ITU) recently launched the Global Cyber-security Agenda to enhance security in the information society.

A joint ITU and Symantec 2013 report noted that they are now more targeted attacks, with an increasing focus on smaller businesses. The report also notes that cyber-espionage and targeted attacks are on the rise, going up 42 per cent last year. Web-based attacks went up 30 per cent, making ill protected sites an increasing cyber security risk.