This is why Kenyan firms are vulnerable to cyber attacks

Kenya has been listed as the country with the fourth-most active population of users on Facebook and Twitter, behind Egypt, South Africa and Nigeria.

Recent global cyber attacks have reminded us that the days when a password was sufficient to safeguard online information are long gone.

Barely hours after the first reported case of the WannaCry ransomware attack, global digital security firm Avast was reported to have detected 75,000 attacks in 99 countries.

The Communications Authority of Kenya (CA) last week confirmed that 19 servers in Kenya had been affected, amending a security report it had issued a week earlier stating that there were no reported incidents.

Security policy

According to Vincent Ngundi, head of the Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC), the regulator’s unit recently formed to monitor and advise on cyber security policy, it is difficult to determine actual cases of attacks owing to under-reporting by victims.

“It looks attractive to hide an attack,” explained Mr Ngundi. “A company would be wary of their reputation if they make it known to the public that they have been attacked.”

With the country increasingly embracing online transactions, the public, particularly customers, might be cautious and even reluctant to do business with a firm whose cyber security policies might appear weak.

“Many of these firms thus believe they are protecting their reputation by not reporting to authorities,” Mr Ngundi states. This makes it difficult to map out the pattern and the extent of a particular attack in order to design a plan to limit its spread.

According to the head of cyber security research firm Serianu, John Makatiani, Kenya’s relatively developed digital infrastructure as well as high adoption of technology raises the vulnerability of the country and its users.

“One of the things we notice with the spread of ransomware and malware such as WannaCry is that the pattern follows regions that have dense internet service provider (ISP) coverage as well as media-heavy regions,” he explained.

In Africa, Kenya has been listed as the country with the fourth-most active population of users on Facebook and Twitter behind Egypt, South Africa and Nigeria. “We have been lucky because in Africa, we have not seen as many attacks as have happened in other parts of the world, particularly Europe and the US,” explained Makatiani.

This, however, does not mean that Kenya is out of the woods just yet. Despite the scale of its spread, WannaCry has been described as one of the ‘smaller’ versions of ransomware. The WannaCry ransomware locks down files on an infected computer and demands that owners pay $300 (Sh30,000) using the cryptocurrency Bitcoin for the files to be freed up.

It is not yet clear exactly how many companies or individuals in the country were attacked or whether any of them paid the ransom. Experts warn that the next global cyber attack will be significantly more devastating than WannaCry.

Potential victims

Developers of malware and viruses are becoming more sophisticated. “Kenya is at risk first as a source of malicious code which is routed through the country to carry out attacks in other countries and secondly as potential victims,” observed Makatiani. The majority of Kenyan users are on Windows systems, the target of last weekend’s attack.

Many users also run pirated software, which cannot receive security updates when vendors such as Microsoft release them.

“The other challenge Kenya faces is that many users have not been made aware of the threat or appreciate the dangers that lie in clicking on malicious links,” he explained.

Kenya’s public sector is also at risk with the country’s recent drive to digitise various departments and programmes at both the county and central government levels. “The Government is paying attention to the importance of cyber security.

“Other than private sector players that have embraced technology, State agencies are increasingly using the Internet to deliver public services. It follows then that there is a commensurate need to secure this space,” explained Ngundi.

Currently, the Ministry of ICT is banking on the Computer and Cybercrimes Bill 2016, which is due for debate in Parliament, to provide a legislative framework that is updated to handle the evolving threat.

The Bill proposes harsh penalties including fines of up to Sh20 million and ten-year prison terms for those convicted of deliberately making unauthorised access to computer systems and networks.

Experts have, however, cautioned that the law is struggling to play catch-up. “The Computer and Cyber Crimes Bill is a good piece of legislation but it will take some time before it matures and we can have the police force and judiciary equipped and skilled to implement the same,” explained Makatiani.