Imagine waking up one beautiful Monday only to realize that your website has been hacked. Your online accounts, your most precious work and even your personal assets are gone. What do you do?
According to the 2017 Cyber Security Report released by Serianu LTD, Kenyan businesses lost an astounding Ksh. 21B to cyberattacks in 2017 alone. When you consider the whole NYS scandal is about Ksh. 9B you start to see just how serious cyberattacks are in Kenya.
However, let us go back to your hacked website. As the red screen of death glares at you, informing you that the website you invested in is no longer accessible, it is often tempting to pick up the phone, contact your website developers and give them a piece of your mind since you blame them for negligence. They should have prevented your website from being hacked, right?
Well, the answer here is two-fold; yes and no.
Yes, your website developers have the responsibility to ensure that your website is developed and designed with security in mind. In the same vein, your hosting company also has the responsibility to ensure that your server, be it dedicated, shared or cloud is hardened and patched often adding another layer of security to your online presence.
The second answer is no because your online security does not start at the website design and development level. Instead, it should start at the board level, as head of ICT at NTSA, Fernando Wangila recently shared with Legibra on a roundtable discussion about cybersecurity for SMEs. (Watch the discussion here)
In Fernando’s opinion, before calling your developers or technology providers regarding your hacked website, you need to contact your board and deal with the issue according to your cybersecurity policies and frameworks in place. In the absence of such processes and policies, it is impossible to place the blame entirely on your technology providers because cybersecurity is not built into your processes in the first place.
Cyber Attacks and Blame Games
Still, whether you call your developers or board, your website would have already been hacked, your processes compromised, and your services affected. Therefore, it makes more sense to be proactive instead of reactive. While majority of SMEs tend to shy away from cybersecurity products because they fear the costs, Francis Waithaka, CEO at Digital For Africa, advises businesses to consider partnering with cybersecurity professionals to mitigate risks of cyberattacks while cutting on costs. We only have 1,600 cybersecurity professionals against 48 million Kenyans. As a business you need to leverage partnerships if you want to have peace of mind over your online business.” said Francis at the roundtable discussion on cybersecurity for SMEs at Legibra.
Register for the Finnovation Africa Summit here: Happening at the Radisson Blu in Nairobi, Kenya on the 31st of May 2018.