ICT Infrastructure investment alone is not enough to fight cybercrime, says report

In 2016 alone both private and public firms lost more than Sh 17.5 billion to cybercrime compared to Sh 15 billion in 2015.

This is according to a 2016 Kenya Cyber Security Report findings by African consulting cyber security firm Serianu Limited.

It’s for this reason that ISACA-Kenya a non-profit organization is organizing a conference to tackle the cybercrime challenges facing Africa as a continent.

“It’s time for more action to tame the cybercrime and we can only do this by having a holistic approach that ensures that our systems are safe,“ says Dennis Mutinda, President ISACA-Kenya.

The two day event dubbed ‘Secure Kenya’ seeks to bring together over 200 ICT professionals across the African continent.

“The event is taking place between 24-26 May and we seek to engage as professionals with other ICT experts especially from UK, US, Canada and Europe. We tend to benchmark on what they are doing differently that we can borrow from them to ensure that we are at par in fighting cybercrime,” adds Preston Odera, Chief Executive Officer, ISACA -Kenya.

Though most African countries including Kenya has invested heavily on ICT sector cybercriminals have still managed to outwit them in their game.

“While we have high levels of investment in technologies and automation across government and the private sector, these criminals have continued to outsmart us, “comments Dr.Katherine Getao, ICT Secretary, Ministry of Information Communication and Technology.

Dr.Getao pointed out that despite the high Internet penetration, the growing threat of cyber-criminal attacks, few organizations in Kenya have actively established mechanisms to mitigate the threats.

“Over the years we have seen local cyber security breaches rise in number and sophistication. Most of those targeted being the financial institutions,” adds Dr.Getao.

The cybercrime scene is also taking a new shape as numerous attacks are on the rise especially on mobile money services.

This is mainly carried out through social engineering, use of malware and account personifications.

The overall impact of each attack is also being felt for longer than before. On average in takes nearly a year to detect and resolve a cyber-attack in institutions that lack the right tools.

For Kenyan firms it takes 200 days to detect a breach and an additional 80 days to resolve it. That time doubles when it comes to detecting and resolving malicious insider attacks whose prevalence has risen exponentially.

“The criminals are now using software that is harder to detect, with some institutions registering attacks by malware variants such as Ransomware,” Dr.Getao explained.