We are living in an era of digital disruption, with Kenya fast becoming a digitised economy with a tech-savvy population.
Now you no longer have to queue at a bank for basic services, or spend needless hours at Government offices renewing licences. Technology has ensured that a taxi is just a click away, you can shop from the comfort of your couch, or renew your passport at the touch of a button.
A majority of basic services have now become accessible remotely, but with these developments, sensitive information can get into the wrong hands with devastating effects.
Kenya is increasingly becoming vulnerable to cyber-attacks as the Government continues spearheading digitisation by automating several processes with programmes like Ifmis, eCitizen, iTax, and the ongoing digitisation of the land registry.
These systems hold a lot of sensitive, personal data relating to wananchi. The growth of mobile money transfers as well as the shift towards online banking has further increased the risk profile of our digital space.
Worrying trend
According to the findings of the PwC Global Economic Crime Survey 2016, the frequency of reported cybercrime incidents among respondents increased sharply, climbing from fourth to second place among the most reported economic crimes globally.
Notably, cybercrime was the only economic crime indicated to have registered an increase. A worrying trend from the survey is that 18 per cent of respondents said they didn’t know whether or not they had suffered cyber-attacks.
Cybercrime is an organisation-wide problem, and redressing cyber vulnerabilities needs to start by setting the right tone at the top.
Leadership buy-in and involvement in the risk assessment process is key to addressing the changing threat landscape and attack vectors.
Having a well-trained, resourced and functioning response team will enable organisations identify potential cyber threats and act upon mitigating them in an efficient and effective manner. An organisation that is prepared to handle a cyber crisis is better placed to thrive in a competitive environment.
Rehearsals and simulations
Cyber-incident response teams must frequently review the effectiveness of the preventative measures implemented, including systems and controls.
Adopting a proactive as opposed to a reactive approach ensures the teams stay ahead of the curve when it comes to identifying and managing any cyber-attacks that may come their way.
Other useful strategies that organisations can employ to remain prepared in the face of cyber-attacks include rehearsals and simulations, security trainings, awareness sessions, security data analytics, as well as conducting forensic readiness assessments.
Stay informed. Subscribe to our newsletter
Weak or non-existent legislation has been known to create an enabling environment for cybercrime to thrive, with criminal elements beyond our borders taking advantage of the weak laws to continue to commit crimes.
The private sector, together with Government, should enact legislation that will safeguard the interests of citizens when it comes to cybercrime.
The reality, however, remains that while cyber criminals can exploit even the most fortified security walls, a proper risk assessment can help prioritise investment and plans of action.
Building resilience in the face of cybercrime vulnerabilities is key in responding effectively.
The writers work at PwC Kenya’s Forensics Services Practice.
The Standard Group Plc is a
multi-media organization with investments in media platforms spanning newspaper
print operations, television, radio broadcasting, digital and online services. The
Standard Group is recognized as a leading multi-media house in Kenya with a key
influence in matters of national and international interest.
join