The Standard Group Plc is a multi-media organization with investments in media platforms spanning newspaper print operations, television, radio broadcasting, digital and online services. The Standard Group is recognized as a leading multi-media house in Kenya with a key influence in matters of national and international interest.

Standard Group Plc HQ Office,
The Standard Group Center,Mombasa Road.
P.O Box 30080-00100,Nairobi, Kenya.
Telephone number: 0203222111, 0719012111
Email: [email protected]

NEWS & CURRENT AFFAIRS

The Nairobian

Saccos at risk for not auditing IT service providers

Sci & Tech

By Graham Kajilwa | Aug 18, 2021

**Serianu Chief Executive William Makatiani.**

Failure by Saccos to audit vendors providing them with back-end technological support is a major risk to members’ investments.

The latest report on the status of cybersecurity among Saccos shows that 52 per cent of these vehicles for saving do audit the vendors.

Only 11 per cent of Saccos documented in the report compiled by Serianu, a cybersecurity and consulting firm, maintain contracts with their vendors. Similarly, just 22 per cent of Saccos conduct an audit on vendors before engaging them.

The report was launched today by Serianu Chief Executive William Makatiani, who noted that Saccos are placing too much trust on vendors. Other loopholes listed include database sharing, password hygiene and remote access to the system.

The report interviewed and surveyed 110 Saccos. Makatiani cited incidents where payment commands are changed before the intended recipient of the money receives.

Keep Reading business

“You will find the problem to be on the vendors’ side, and especially if they are poorly paid,” he said.

“There are Saccos who let vendors have too much access to their systems. We have people who have let vendors fix everything. With the issue of access, we will always have malicious people around."

Intrasoft International East Africa Chief Executive Wambui Mbesa said due diligence should be undertaken by Saccos before hiring the vendors.

She noted that some Saccos, due to financial constraints, go for the less expensive vendors hence risking their investments and systems.

“Do not engage people in an IT company who do not have any domain expertise in the financial sector,” she said. “Cheap is and can be very expensive. Do not be lured,” she said.

Serianu Chief Operating Officer Joseph Mathenge, who presented the report, said some Saccos were now investing more in cyber security. ”More than 30 per cent of attacks involve vendors,” he said.