Focus on cyber resilience to protect your business, firms urged

Organisations should embrace cyber resilience for email by providing comprehensive security controls before, continuity during, and automated recovery after an attack. PHOTO | COURTESY 

By EVANS ONGWAE

Summary

• A holistic strategy against potential cybercrimes ensures that an organisation does not experience disruptions, lengthy downtime and data loss.
• Organisations face significant risks when they fail to invest in cyber resilience.
• Globally, cyber crime is on the rise with attacks and breaches happening every other day.

Technology is double-edged and organisations, reliant on modern technological tools, should also invest in defences against cyber attacks to become resilient.

While technology helps businesses to conveniently access or deliver a variety of services, it also exposes them to risks. When computers connect to a network and begin communicating with others, they are exposed to risk.

Safeguarding Kenya’s cyberspace

The Communications Authority of Kenya (CA) observes that ICT has been cited as a key enabler of socio-economic transformation.

The industry regulator notes that realisation of the government’s Big Four agenda and Kenya’s long-term socio-economic blueprint will leverage on the adoption of ICTs. It will also leverage on the safeguarding of Kenya’s cyber space to facilitate the envisaged transformation.

To mitigate cyber threats and foster a safer Kenyan cyberspace, government established the National Kenya Computer Incident Response Team - Coordination Centre (National KE-CIRT/CC). This is a multi-agency collaboration framework responsible for the national coordination of cyber security as Kenya’s national point of contact on cyber security matters.

The National KE-CIRT/CC is based at the CA Centre and comprises staff from the Communications Authority of Kenya and law enforcement agencies.

It detects, prevents and responds to various cyber threats targeted at the country on a 24/7 basis, having commenced round-the-clock operations in 2017.
The National KE-CIRT/CC acts as the interface between local and international ICT service providers whose platforms are used to perpetrate cyber crimes, and Kenya’s Judicial Law and Order Sector, which investigates and prosecutes cybercrimes.

Worldwide, it is known that criminals always seek ways to stay ahead of established security systems so as to commit their nefarious deeds with ease. The paradox is that, information technology, considered an ally of crime busters, is double-edged as thugs also use to gain an unfair edge over legally established businesses.

Last week, President Uhuru Kenyatta signed the Computer Misuse and Cybercrimes Bill into law. This is an effort to fight cyber crime. However, waiting for legal recourse – and punishment for the criminals – is akin to locking the stable long after the horse has bolted.

Cyber resilience

“The only way for organisations to get ahead of cyber criminals and holistically protect their business is to adopt a new approach to email security and to focus on cyber resilience,” Mr Brian Pinnock, Mimecast, Africa and Middle East Sales Engineering Manager says.

He urges organisations to embrace cyber resilience for email by providing comprehensive security controls before, continuity during, and automated recovery after an attack. Such a holistic strategy against potential cybercrimes, he says, ensures that an organisation does not experience disruptions, lengthy downtime and data loss.

Mr Pinnock points out that a defence-only security strategy alone is not designed to protect against the level and volume of advanced attacks. Continuing to invest in disparate technologies and focus on a defence-only security strategy will lead to consequences like intellectual property loss, unplanned downtime, decreased productivity and increased vulnerabilities.

Thus, organisations face significant risks when they fail to invest in cyber resilience.

Globally, cyber crime is on the rise with attacks and breaches happening every other day. Attackers are becoming more sophisticated, making it difficult (but not impossible) for organisations to defend against the level and volume of attacks.

Cyber resilience think tank’s view

Mimecast’s Cyber Resilience Think Tank advises that IT managers ensure the entire organisation is educated, engaged and involved in planning and response against cyber crime. Everyone, from the board to the IT department and beyond, should be educated on how to prepare for cyberattacks, and to understand what the organisation stands to lose should criminals succeed in breaching its firewalls.

Mimecast’s cloud-based solutions

Mimecast, which also operates in Kenya, makes business email and data safer for thousands of customers and their millions of employees worldwide. Founded in 2003, the company's next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management.

MTN Kenya’s offering

MILLICENT MWOLOLO reports that, with fibre network infrastructure in four metros (Nairobi, Mombasa, Eldoret and Kisumu), a tier III data centre and cloud infrastructure in Nairobi and Mombasa, MTN Kenya is well-armed to power and protect businesses.

The firm offers network services, cloud solutions, voice and data centre services to the financial services sector, telecommunication companies, government, corporate sector and small and medium enterprises (SMEs). 

“Our National and Global MPLS is a secure network that allows organisations to interconnect and operate seamlessly across their branches,” says Kennedy Chinganya, the managing director, MTN Business Kenya.

Businesses are migrating from investing in ICT hardware and software, and shifting to MTN.

“This has informed us to invest in a tier III data centre which is hosting our cloud infrastructure and has the capacity to host customers looking for remote co-location services,” says Mr Chinganya.

“We have invested in advanced threat detection and remediation to ensure that customers hosted on our cloud platform are protected from the emerging cyber-attacks.”

MTN Cloud gives businesses a cost-effective virtual data centre that can easily scale as their compute and storage needs grow.

The firm has invested in another data centre in cloud infrastructure in Mombasa. This is to primarily deliver disaster recovery for the Nairobi Platform as well as provide cloud services and co-location for the coastal region and other international markets.

The Cyber Resilience Think Tank created by email and data security company, Mimecast, defines this phrase as, “An organisation’s capacity to adapt and respond to adverse cyber events – whether the events are external or internal, malicious or unintentional – in ways that maintain the confidentiality, integrity and availability of whatever data and services are important to the organisation.”

‘Big Four’ agenda

With respect to the ‘Big Four’ agenda, MTN Kenya is poised to play a key role in the realisation of universal healthcare in Kenya by leveraging on technology solutions to address some of the health sector challenges.

“We can partner with the health sector in telemedicine such that doctors are able to diagnose patients in remote locations across Kenya through MTN cloud and network platform,” Mr Chinganya says.