Identity theft and other forms of cybercrimes have become a real danger for companies and governments across the globe. Kenya has been a victim too, with a shocking loss of approximately Kshs. 21 billion to cybersecurity, in 2017 alone. This is according to a Cyber Security report by Serianu, which also reveals that Africa lost Kshs. 350 billion to cyber security, with financial institutions being most affected. Social engineering and spear phishing are some of the most common tactics cyber fraudsters use to attack the cyberspace.
Spear phishing, or other cyber-attacks in general usually come in form of customer support emails, making it almost impossible for the victim to suspect that it is fraud. Most of the time, a link will be sent and the user prompted to click on it, in order to change credentials to improve security. What you may not know is that, by clicking on the link you already give your predator access to your account, and other personal information. Hackers have the skills to create spoof email accounts that bear resemblance to an account known to you.
A recent study by Ironscales, an email security company, discovered that almost 77% of cyber-attacks are laser-focused, and traditional spam filters are not able to catch the attacks in time. For every five attacks identified by spam filters, 20 attacks make it into a user’s inbox. “Attackers spend more time studying their targets, running a very comprehensive reconnaissance process” Eyal Benishti, CEO of Ironscales says. “This has made it easier for attackers to gather information through reconnaissance helping them to craft emails that look exactly like the legitimate internal communication.”
With this knowledge, Kenya needs to come up with a new approach to prevent cyber-attacks and loss of huge amounts of money in future. Notably, there is a huge skills gap in cyber security, which can be the first step the government can take in the fight against cyber-crime. Kenya has only 1600 cyber security professionals against a demand of 40,000; with a huge number of employees not familiar with basic IT security. The senior management should, therefore, take the lead in training, educating and raising awareness of cyber security and data protection.
The Kenya Institute of management recently organized a management forum themed “Internet of Things and Cyber Security.” Such forums create the needed awareness of cyber security and the knowledge of data protection. “The internet has endless opportunities and various threats as well, with human beings as the weakest link in cyber security.” Says Francis Waithaka, CEO Digital 4 Africa. “Lack of due diligence on the internet can cost you a lot. You need to think before you click on any link, use two-factor authentication as well as different passwords for different channels.”
Teddy Njoroge, Country Manager-ESET Kenya says, “The internet has two kinds of people; those that have been hacked and those that will be hacked.” We must, therefore, play zonal defense with hackers by training employees on safer security measures, like backing up data and not using the same password across all platforms.
By Akinyi Agunja