Two months ago, I heard the story of a pastor from Sierra Leone who discovered a very large diamond. The good pastor, Emmanuel Momoh, handed over the 706-carat diamond to the Sierra Leonean government for valuation and subsequent sale. Pastor Momoh was going to benefit from part of the proceeds of the sale of the diamond.
I am not an expert in the sale of diamonds but imagine if this “momoh diamond” was sold at an auction in one of the European or US cities by a lone auctioneer without any security. If you heard that such an auctioneer was robbed of the momoh diamond, you would probably think that he was not very wise to attempt selling such a precious commodity without the requisite security.
In the wake of the sensational ransomware attacks that took place last week, it may appear like this is a one-off attack on systems. What many may not realise is that these attacks happen very often. Data is quickly becoming more valuable than precious stones and traversing cyberspace without proper security for data is akin to going to a gun fight holding a knife.
Individuals and organisations should spend money on protecting their data the same way that they would hire security guards to protect their business premises or their homes. I was mortified to read a report that 33 per cent of Kenyan financial institutions don’t spend anything on cyber security. This is not only unwise, but very scary as it starts looking like such organisations are courting disaster. There are several ways that both individuals and organisations can protect themselves online.
Backing up is important and where possible, one should have several generations of the same just in case malware accidentally finds its way into the repository. I would recommend three generations, two days apart, which will make it possible for one to revert to older backups. There are several back up services available on the cloud today.
There are a few local cloud service providers like Node Africa, Angani, Safaricom, Liquid Telecom, MTN Business, Access Kenya and a few others that individuals and businesses can make use of. Some of the more established international cloud services where backups can be done like Google, Apple and Dropbox are also available options for these services.
The cloud services providers have invested in security experts and they do invest in advanced technology to ensure that their services are up to date. They would ideally not fall prey to such attacks. Software updates is the other way to ensure that one stays protected from attacks. The ransomware attacks took “hostage” data on thousands of computers in different parts of the world. The data was going to be made available after the owners of the data paid a “ransom”.
These attacks happened on computers running on older versions of Microsoft Windows. Microsoft had provided a patch to fix the vulnerability to the system but those that were attacked had not updated their computers. Timely updates for systems and anti-virus software is very important for the well-being of the security systems.
Businesses must go a step further and invest in the right people to run their security. It is not enough to have the best systems if the people running it are not competent to manoeuvre in the ever-changing online space.
The most important aspect of securing data is vigilance.
Everyone must take due care to ensure that they are not infected or affected by malware. Simple steps like ensuring that one does not open attachments from suspicious sources, or even falling prey to cyber conmen. When dealing with cyber thugs like the ones who infected computers with ransomware last week, people must not fall into the temptation of paying the ransom requested for their data.
Even if the “hijacked data” is very valuable, there is no assurance that it will be recovered if one pays the ransom. Cyber security is also an opportunity which more local businesses should venture into. With the ever changing environment, there exists a business opportunity to provide protection for both businesses and individuals.
The most disturbing attack that we are facing today in Kenya is the proliferation of fake news. Fake news has become so pervasive that we have to start questioning the source of any information that we receive. If politicians start talking about inability of the IEBC systems to run free and fair elections, we must start thinking about their intentions for discrediting the systems. The originators of fake news would typically want us to react in a certain way as a result of the news.
The government is aware of the numerous attacks on systems and is doing all that is possible to ensure that we keep our data safe. Let us employ tougher safeguards for our data. It is our equivalent of the momoh diamond in cyber space.
Mr Mucheru is the Cabinet Secretary, Ministry of Information, Communications and Technology