Lack of education on ICT to blame for growing cyber attacks on Insurance and banking sectors in Kenya.
Insurance and banking services sectors in the country need to enhance the pace of deployment of secure Information Communication Technology (ICT) practices in their organizations. According to ICT security company, ESET East Africa, the recent spike in cases of cyber attacks and breaches in the financial services sector is attributable to the slow pace of implementation of ICT security protocols.
According to The 2015 Cyber Security Report by Serianu Cyber Threat Intelligence Team, the financial service sector lost Sh4 billion from cybercrime attacks. The report revealed how many organizations lack enough staff and security expertise dedicated to IT security. The worrying thing is that 21% of organizations in Kenya, the report says, are not concerned about cybercrime at all.
Speaking at the quarterly CIO East Africa industry breakfast, Alistair Freeman, Chief Executive Officer, ESET East Africa, said there still exists a huge gap between the speed at which banks and insurance companies are deploying technology solutions and the rate at which they are adopting these solutions onto secure frameworks.
“We have seen businesses move from using single static device environments and onto multi-layered devices and even cloud technology platforms. This means that we should be pushing for a synchronized security environment where aspects of security are shared at all levels of business,” said Freeman.
The Central Bank of Kenya (CBK) is said to have since taken positive steps in addressing the attendant security risks in the sector. Recently it ordered a full ICT security system audit for all banks and insurance operators. This baseline survey, according to Njaramba Kanani, the Information Security Officer at Chase Bank, is meant to give a glimpse of the state of affairs in the sector towards addressing the attendant cybersecurity risks facing the sector.
“The fact is that we will definitely be attacked; of importance, however, is what we do after or how far the attackers can go in case of a breach. In this regard, the new CBK rules have given the sector even more reason to invest in security matters,” he said.
At the forum, it emerged that over 30,000 unique cyber attacks and attempts are recorded in the financial services space in Africa annually. Even so, it was said that many institutions do not fully understand the security challenges that come with their constantly upgraded and integrated technologies such as mobile and remote service delivery models.
According to Freeman, as companies invest in and integrate more ICT systems into their processes, there is an inadvertent increase in their risk profiles. These, he said, should be tested and re-tested regularly to wipe out loopholes.
“Even with the highest level of security investment, the human element remains the weakest link within organizations, especially where the Bring Your Own Device (BYOD) culture sustains. Noting that mobile malware is among the biggest emerging threats in cybersecurity today, a weak user proficiency policy among staff on ICT security matters is a major threat to any ICT security efforts,” he explained.
Currently over 20 million Kenyans access the internet through mobile devices, many of whom use the same single device for personal, business and official work purposes.
Freeman said that education and awareness on cyber security risks is the only way towards achieving ICT security maturity among staff if the industry is to turn the tide in the fight against cybercrime. These same sentiments were shared by Bethwel Opil, Channel Sales Manager for East Africa at Kaspersky Lab, during an interview I had with him back in March on the state of cyber security in Kenya. He noted that education around cybercrime and the need for IT security within organizations, however small they are, should become key in 2016. Businesses cannot afford to be affected by the implications of cybercrime, something they can control if they put in the necessary resources.