Cyber Security has become a great concern for most organizations across the globe, Kenya included.
In fact, according to The 2015 Cyber Security Report by Serianu Cyber Threat Intelligence Team, the public sector in Kenya lost more than Sh5 billion from cybercrime attacks, followed by the financial services sector at Sh4 billion. The report revealed how many organizations lack enough staff and security expertise dedicated to IT security. The worrying thing is 21% of organizations in Kenya are not concerned about cybercrime at all.
Education around cybercrime and the need for IT security within organizations, however, small they are should, therefore, is become key in 2016, in changing this mindset. Businesses cannot afford to be affected by the implications of cybercrime, something they can control of they put it the necessary resources.
I had an interview with Bethwel Opil, Channel Sales Manager for East Africa at Kaspersky Lab to discuss the state of cyber security in Kenya. Why are companies in Kenya less concerned about cyber crimes? Do they understand the consequences? Why do they need to invest more in countering cyber crimes and are there positive predictions for the future of cyber security in Kenya?
Below is the interview.
Q: Tell us about yourself and your role at Kaspersky Lab?
A: I am currently the Channel Sales Manager in East Africa for Kaspersky Lab. Among my responsibilities in this role is driving the business, by developing quality plans within the Partner businesses and working with key C-level executives in the region. I lead the channel business development and the partner segmentation and selection across the entire Eastern Africa region.
I ensure that our Partners are equipped to compete effectively and to provide the Kaspersky Lab product offering to businesses and consumers in the region. I plan, define, execute and manage Marketing and Sales Programmes in liaison with the Marketing Manager, Consumer and Corporate Retail Sales Managers for Sub-Saharan Africa. And, of course, I constantly check the cybercrime situation in the region, the market conditions, trends or changes in the industry that are important for our customers.
Given the growing interest in cybercrime, and as a result, the growing hacking and cybercriminal community (globally, but which also impacts East Africa), my role at Kaspersky Lab is important – as the brand is not only passionate about raising awareness on security issues among businesses and consumers of cybercrime realities, but also on the necessary protection around this and of course supplying solutions that can offer this much-needed protection in this region.
Q: Cyber criminal activities are increasing globally; do you think CIOs or CISOs, especially in Kenya, are doing enough to counter this?
A: In our experience, CIOs and/or CISOs are starting to understand how serious cybercrime is becoming in Kenya, and the realities around cybercrime and the impact it can have on a business – not only from a data loss point of view but also from a reputational one.
As a result, we have seen many organizations starting to place a focus on IT protection and effectively protecting their networks and infrastructures. This is also partly due to the fact that they might have faced some of the threats themselves, and not just read about them in the media space. However, there is still a lack of awareness around this and more needs to be done, which is why Kaspersky Lab is placing a strong focus on the region.
Q: What are some of the top cyber security concerns facing CIOs and CISOs currently?
A: The overriding trend in 2015, globally, in the cybercrime space, was the increased complexity seen in cyber-attacks – as a result, CIOs and CISOs are currently concerned about a possibility of being under a targeted attack, as well as about the security of their diverse infrastructures.
Q: From identity theft and fraud to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations, and governments. What are we doing wrong?
A: I feel that many organizations still have the ‘it won’t happen to us’ attitude and believe that their business is not ‘interesting enough’ for cybercriminals. This is less so for enterprise level organizations, but very acute for SMBs. For example, the current BYOD trend, where businesses still believe this poses no threat to their company and have no interest in spending effort on mobile device security – that is, of course, until one of the employees loses a device with business data or gets a malware that starts sending spam to all the business contacts on their list.
The human aspect is often the weakest spot in the IT security chain, and the hardest to manage. Phishing is a very widespread example of this: when an email looks authentic, employees open links and attachments in it, thinking it is an important document(s) from potential customers or current suppliers – and infects the organization.
Kaspersky Lab urges all companies to ensure that they have the right security and strategies in place, mitigate their risks and ensure that they do not fall victim to cybercrime. Further to this, it is also important to educate employees and implement security strategies internally to avoid the human error in cybercrime.
Q: Hacking experts warn there are plenty more security risks ahead in 2016 as cybercriminals become more sophisticated. What are some of the threats we should expect in 2016?
A: At Kaspersky Lab, we anticipate seeing a significant evolution in cyberespionage tradecraft. There will be a dramatic change in how targeted attacks are structured and operated. We expected to see a decreased emphasis on ‘persistence’, with a greater focus on memory-resident or fileless malware, reducing the traces left on an infected system and thereby avoiding detection.
We may also see more newcomers in the Advanced Persistance Threat space. Cyber-mercenaries will grow in numbers as more parties seek to gain from online attacks. These are expected to offer attack expertise to anyone willing to pay, and also to sell to interested third-parties digital access to high-profile victims, in what could be called an ‘Access-as-a-Service’ offering.
Additionally, consumer threats will also evolve. According to our experts, ransomware will be gaining more ground on banking and Trojans are expected to extend into new areas such as OS X devices – often owned by wealthier and therefore more lucrative targets – in addition to mobile and the Internet-of-Things.
Cybercriminals are constantly looking for new ways to make their victims pay. Therefore, alternative payment systems such as ApplePay and AndroidPay, as well as stock exchanges are expected to become growing targets for financial cyber-attacks.
Q: Given the gap that exists in cyber security, do you view the ability to invest in cyber security in Kenya as a top priority?
A: Cybersecurity is not an issue that only IT people should take into consideration. The reality is that it concerns everyone – consumers, home users and their families, small businesses and large organizations, including governments.
Considering this, there are various security measures that can be used to protect communications via email, instant messaging tools, smartphones, and while browsing over computer networks and interacting with the physical world. Just as one would practice safety measures in the physical world, the same outlook should apply for one’s virtual world.
Q: According to the Serianu Kenya Cyber Security Report for 2015, 21% of the organizations surveyed said are not concerned about cybercrime at all. Why?
A: It is the same lack of awareness and ‘this won’t happen to me’ attitude, which unfortunately lasts until the person or organization faces a problem, or their partners do, for example. But last year we saw numerous global cases, which attracted attention around the issues of cybercrime, such as the attack on Sony and the database theft from Ashley Madison online dating service.
Q: Most respondents in the report believe that cybercriminals are increasingly targeting their organizations. Why do you think this is happening?
A: Cybercriminals are becoming very skilled and are placing a strong focus on the business market, given the financial gain it can offer them. Ransomware that targets businesses, for example, is becoming more widespread and more sophisticated.
Q: The Internet of Things will still be the “Internet of Vulnerabilities,” according to cyber experts. What is your take on this?
A: We believe that vendors should have cybersecurity in mind when designing IoT devices, and we are happy to share our experience regarding this. Also, people and businesses should be aware of the potential risks and know how to mitigate them before embracing the IoT-enabled world. This will avoid this world becoming one of the vulnerabilities.
Q: Do you think Kenya is well equipped to fight cyber crimes?
A: There is a good awareness of the realities of cybercrime building in Africa; governmental organizations are also paying attention to this. In Kenya, for instance, the Ministry of Information is doing great work in this regard.
However, it is not just about awareness, but implementing real measures that are able to effectively tackle these issues – and this needs to be taken seriously in the region.
Q: Lastly, are there positive predictions for the future of cyber security in Kenya? And how is Kaspersky Lab helping in this?
A: Unfortunately, as IT is developing fast in Kenya, so will be the cyber threats. However, the good thing is that if IT develops along with information about possible threats, people will be able to secure themselves.
The cornerstone of our business strategy is to transform our leading security intelligence into real protection for our clients, to address current and emerging cyber threats. Together, with our local partners, we are ready to provide high-quality services and award-winning efficient security solutions for different needs – from home users and small businesses to enterprise-level organizations.
Are you an organization? What is the state of cyber security in your organization? I hope this interview and responses were helpful. Feel free to drop us a comment on the comments section below or send us an email as well.