Saccos at risk for not auditing IT service providers
SCI & TECH
By Graham Kajilwa | August 18th 2021
Failure by Saccos to audit vendors providing them with back-end technological support is a major risk to members’ investments.
The latest report on the status of cybersecurity among Saccos shows that 52 per cent of these vehicles for saving do audit the vendors.
Only 11 per cent of Saccos documented in the report compiled by Serianu, a cybersecurity and consulting firm, maintain contracts with their vendors. Similarly, just 22 per cent of Saccos conduct an audit on vendors before engaging them.
The report was launched today by Serianu Chief Executive William Makatiani, who noted that Saccos are placing too much trust on vendors. Other loopholes listed include database sharing, password hygiene and remote access to the system.
The report interviewed and surveyed 110 Saccos. Makatiani cited incidents where payment commands are changed before the intended recipient of the money receives.
“You will find the problem to be on the vendors’ side, and especially if they are poorly paid,” he said.
“There are Saccos who let vendors have too much access to their systems. We have people who have let vendors fix everything. With the issue of access, we will always have malicious people around."
Intrasoft International East Africa Chief Executive Wambui Mbesa said due diligence should be undertaken by Saccos before hiring the vendors.
She noted that some Saccos, due to financial constraints, go for the less expensive vendors hence risking their investments and systems.
“Do not engage people in an IT company who do not have any domain expertise in the financial sector,” she said. “Cheap is and can be very expensive. Do not be lured,” she said.
Serianu Chief Operating Officer Joseph Mathenge, who presented the report, said some Saccos were now investing more in cyber security. ”More than 30 per cent of attacks involve vendors,” he said.
Want to become a millionaire? Follow Warren Buffett’s 4 rules
- Financial discipline: Educate children when they are young
- Bonds boost NSE as investors shy away from equities
- Nuked out: Kenya’s nuclear power agency to be disbanded in cost cutting plan
- KICC once again named Africa's best meetings, conference venue
- The sins of power producer