It is estimated that 70 per cent of Kenyan businesses are vulnerable to cybercrime and the country loses about Sh15 billion annually due to the crime.
Part of the reason for the growing prevalence of cybercrime in Kenya is the country’s increasing digitization which has inadvertently exposed Kenyans to cybercriminals.

Furthermore, key stakeholders don’t fully appreciate the full range of risks that they are exposed to or how to mitigate them. A recent “State of Cybersecurity in Kenya” study shows that the government is the most vulnerable sector to cyber criminals, followed by the banking sector, due to their increasing reliance on technology and third parties to perform and enhance their management and transfer of money.

Mobile and online banking channels carry with them inherent risks as they expose previously closed processes to the internet and the public. Financial services and mobile are ranked third in vulnerability as these innovations are now seen as new payment channels and online services that facilitate easier access to money. The cyber security policies instituted in most Kenyan companies don’t reflect the magnitude, complexity and full range of risks they face.

For instance, many organisations have overwhelmingly embraced the Bring Your Own Device trend (BYOD) without factoring in the risks. BYOD is simply the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications.

BYOD can help save costs and even act as an incentive to younger employees. However, on the flipside, BYOD can severely compromise cyber security. Staff can access proprietary company information on their personal phones, including passwords, and share it with third parties either intentionally or unknowingly.

It is actually no surprise that employees (insider threats) account for 80 per cent of data-related fraud in Kenyan companies. Data fraud can include leaking sensitive confidential information or sharing trade secrets with competitors, both of which can cost billions in terms of reputational risks, lost business opportunities and litigation.

Companies therefore need to be aware of the loopholes of the BYOD trend and understand how to seal these loopholes, while still giving their staff the privilege of using their own devices. Specialist risk managers can help seal these loopholes as well as other more complex ones.

The need for companies to contract specialist risk managers who can cut through the complexity of cyber security and deliver practical mitigation guidelines that lower incidence rates cannot be overstated. All companies in today’s increasingly digitised marketplace need a specialist risk manager, preferably externally sourced, who intimately understands the ever-changing dynamics of cyber security.

No company is too big to be hacked. Leading US bank J.P. Morgan, whose $235 billion market value is more than ten times the $20 billion combined market value of all listed firms on the Nairobi Securities Exchange (NSE), was not spared. J.P. Morgan suffered a high-profile hack in August 2014, just two months after it had committed a mind-boggling $250 million to cyber security. This demonstrates that nobody is safe and everyone needs a reliable cybersecurity partner. The sooner Kenyan companies understand this, the better.

Organisations need to start making significant budgetary allocations to cyber security. More significantly, they need to understand that you cannot secure your business against cyber criminals through sporadic one-off spending. Mitigation efforts have to be consistent and long-term as cybercriminals are constantly evolving in order to beat the system.

Cyber security is no longer an IT challenge, but a broader security challenge for individuals, businesses and governments. This is a topic that needs to be discussed more intently with a view to plugging the loss of more than Sh15 billion (and growing) in hard-earned Kenyan money that lines the pockets of elusive cyber criminals each year.