The growing appetite to create convenience for customers using technology solutions and the internet is a good thing, but it also poses security risks to businesses and governments in Kenya and Africa at large. Organizations must therefore develop strategies to protect data and money.
Here are the insights from Africa’s cybersecurity report, which was released in April 2018 by Serianu, a security consulting think tank.
- The most vulnerable SMEs are those in the financial services sector, such as cooperatives, Saccos, micro-finance institutions and fintech service providers.
- The cost of cyber attacks in Kenya is $210M and $1.048 trillion for the whole of Africa per year.
- A huge talent gap exists with the number of qualified cybersecurity experts in Kenya at 1,600 against the expected demand of 40,000 professionals.
- Insider threats top the list of high risks, and the group most implicated is administrators and other privileged users, who are in the best position to carry out a malicious breach and whose mistakes or negligence could have the most severe effects on the organization.
- 60% of all identified vulnerabilities go unremediated or unmitigated, while 50% of successful attacks are the result of previously identified vulnerabilities.
- 75% of vulnerabilities identified within local organizations were missing patches. There is a need to carry out patching as soon as critical vulnerabilities are discovered and patches issued.
- Third-party security vendors introduce risks to organizations through their interactions with critical data. They do so through their use of remote access tools (RDP, TeamViewer, Toad) to access critical applications and databases, and because they have privileged accounts to access systems. They may also do so by manipulating source code for critical applications in order to perform malicious activities.
- The impact of cyber attacks now requires top-level oversight, where board members should lead in mitigating security risks.
- Training employees on security best practices will give them the knowledge they need to better protect the organization’s data through proactive, security-conscious behavior. IT departments need to set up a change management process under which employees leaving the organization have their access to systems removed.
- Data protection laws can help in giving users rights to their data, and the EU’s General Data Protection Regulation (GDPR), which will be effective on 25th May, will have far-reaching implications even beyond the EU market.
By Francis Waithaka, CEO Digital For Africa LTD
Download the full report: Africa Cyber Security Report 2017