Businesses now experience losses running into billions of shillings from cybercrime. PHOTO | COURTESY
The norm for security among businesses has been fortified doors,
grilled windows, sophisticated alarm systems and the permanent feature
that are guards manning entrances.
But the growth of
cyber space and connectivity, which was expected to enhance marketing,
cut the cost of sales and prop up output for Kenyan businesses, has now
become the double edged sword, which is giving firms sleepless nights.
Like
any other market jurisdiction where Internet penetration is high, Kenya
faces the rising threat from hackers who are no longer opportunistic,
but organised according a 2016 survey by local tech firms.
‘Hacktivists’
on the lose stole some Sh17.5 billion last year, according to a survey
conducted by Serianu Limited in partnership with the United States
International University Kenya and Paladin Networks.
The
challenge, according to the PriceWaterhouse Cooopers (PWC)2016 crime
survey is even bigger for the Kenyan corporates whose level of
preparedness remains wanting.
NOT EQUIPPED TO HANDLE CYBER CRIME
The
country ranked top 15 among those that believe their local law
enforcement agencies are not adequately resourced to combat economic
crime through cyber-attacks.
South Africa, Turkey,
Philippines and Bulgaria closed the top five among those perceived to be
less prepared to tackle the new avenue for fraud according to the PWC
survey.
They are not alone, only 37 per cent of the
respondents from the heavily regulated financial services industry –
have a fully operational incident response plan when faced with a
cyber-crisis.
“The reality in 2016 is that like every
other aspect of commerce, economic crime has, to some extent, gone
digital. In a hyper-connected business ecosystem that frequently
straddles jurisdictions, a breach in any node of that system – including
third parties such as service providers, business partners or
government authorities – can compromise the organisation’s digital
landscape in a variety of ways,” PWC wrote in the report.
In
a country where trading is moving digital and the race to go online is
peaking, Kenyan businesses have now fallen in the middle of the digital
paradox with business risks if they do and if they don’t.
ALSO READ: Sh4bn hacking suspect lives large - VIDEO
While
organisations today are able to cover more ground faster than ever
before – thanks to new digital connections, tools and platforms, which
can connect them in real time with customers, suppliers and partners,
cybercrime has become a powerful countervailing force that’s limiting
that potential.
In fact, business leaders are now increasingly worried about the threat, which stands on their way to faster growth.
In
PwC’s 19th Annual Global CEO Survey, six in 10 chief executives ranked
cyber threats and the speed of technological change as top threats to
growth.
UNAWARE OF VULNERABILITY
The
scenario is further complicated by lack of awareness by some firms on
what attack they could be exposed to or whether they had been
compromised.
Top managers and the board where major
decisions of firms are made, have also largely stood aloof from the
subject, according to the PWC global survey.
“This
year’s global economic crime survey points to the disquieting fact that
too many organisations are leaving first response to their IT teams
without adequate intervention or support from senior management and
other key players. What’s more, the composition of these response teams
is often fundamentally flawed, which ultimately affects the handling of
breaches,” the report said.
So hard to detect is the
new trend of digital theft that 56 per cent of companies that say they
are not victims, may have likely been compromised without knowing it.
Most attackers are also said to have managed to remain on organisations’
networks for extended periods of time without being detected.
Kenya,
which is taking most of its government services online has on many
occasions raised the alarm over the increased number of cybercrime
attacks in the country, which is slowly building up into a major threat.
With
procurement, awards, payments and various other procedures now allowed
online, the threat is as big as the convenience enjoyed by these
services going digital.
Information Communication and
Technology (ICT) secretary Joe Mucheru last week said hackers are
increasingly targeting sectors that are digital-savvy especially with
the rise of financial technology and Internet banking.
“The
government is alive to the emerging threats, the break-neck speed at
which we are mainstreaming ICT as an enabler of business and development
must therefore be balanced with prudent risk management,” Mr Mucheru
said.
Cyber criminals have targeted government
installations including those dealing with revenue collection like the
Kenya Revenue Authority, which is said to have caused a Sh4 billion
loss.
Businesses now experience losses running into
billions of shillings from the cybercrime and as well have to invest
equally high sums of money to boost the platform as customers demand
convenience and speed in an increasingly cash lite economy.
MILLIONS IN LOSSES
Keen
not to ruin their reputations in the aftermath of cyber-attacks, many
business are said to be suffering the millions of shillings in losses in
silence as the survey found that reputational damage was considered the
most damaging impact of a cyber-breach – followed closely by legal,
investment and/or enforcement costs.
What should the
businesses do to beat this digital dilemma then? “The digital world does
not allow any organisation to feel comfortable in the area of cyber
security threats and vulnerabilities. A constant guard that is on the
alert, detecting and is responsive to the changing environment is
essential,” Audit firm Ernst and Young wrote in their cyber threat
report released last week.
It is, however, difficult to
stay alert all the time and even more difficulty to measure sufficient
preparedness in the increasingly changing tactic with those piercing
corporate data and systems to make millions.
A new
trend of attackers staging diversionary attacks to conceal more damaging
activity may even prove harder for businesses to detect attacks
quickly.
In one of the diversionary techniques,
attackers target services that cause denial of service effectively
distracting and creating a lot of noise while the real focus of the
attack unfolds in a slow and undetected manner.
No comments :
Post a Comment