A few weeks I got the chance to attend the East African Cloud Summit organized by the University of Nairobi’s C4DLab in collaboration with Microsoft. The summit was about Cloud Computing and how it can be used to improve societal growth and transformation.
One of the panelists present during the summit was Dr.Bitange Ndemo, a former Permanent Secretary in the ministry of ICT . Dr. Ndemo spoke widely on Cloud and why most companies and even SMEs are still scared of moving into Cloud. He said most of these companies feel unsafe with their data being in the Cloud since they believe that with there data being in the Cloud they will be sharing it with other people.
Another reason according to Dr.Ndemo was that most of these organizations lack information about the importance of moving into the cloud. I remember asking the panel what needs to be done to convince these organizations or SMEs that the cloud is a indeed a safe place store their data, and Dr.Ndemo joked that the only thing that can be done is pray for them. Well, one thing was clear though, more awareness and facts need to be given to them. One thing they emphasized on is that moving into the Cloud is not about sharing, it’s about accessibility.
Experts in the summit also talked about how moving to cloud will help business secure from cybercrime threats.
During an interview I had a couple of weeks ago with Kaspersky Lab Channel Sales Manager for East Africa, Bethwel Opil, on the State of cybersecurity in the country, it was evident that there were so many gaps to be filled. Most organizations are not investing in these sector. Its either they don’t have the personnel or don’t even care at all.
One of the reason on how organizations can invest in cybersecurity is moving to the cloud. With the threat of cyber-crime and insider fraud on the rise, Kenyan companies should be looking towards cloud applications as one means of improving the security of their IT environments. In their experience, Bethwel Opil said CIOs and/or CISOs are starting to understand how serious cybercrime is becoming in Kenya, and the realities around cybercrime and the impact it can have on a business – not only from a data loss point of view, but also from a reputational one.
With the threat of cyber-crime and insider fraud on the rise, Kenyan companies should be looking towards cloud applications as one means of improving the security of their IT environments.
According to Dr. Rutendo Hwindingwi, Divisional Director for Sage East and West Africa, Kenyan organizations are wrestling with the growing danger posed by threats such as malware, hackers, and theft of computing devices. Just the other week, hackers hacked the Foreign Affairs ministry and leaked 1tb of information, which was so unfortunate.
He says most enterprises – especially small and medium-sized businesses feel ill-prepared for the risk that cyber-crime poses to their business, This is because as I found out during the interview I told you earlier is that they lack the budget and the specialist IT expertise they need to defend their businesses against today’s sophisticated cyber-criminal.
The 2015 Cyber Security Report by Serianu Cyber Threat Intelligence made some shocking revelation, that Kenyan organizations lost some Sh15 billion to cyber-crime in 2014. According to the paper, 64% of respondents were not trained in cybersecurity issues at all and 20% lacked sufficient cyber security budgets. The report revealed how many organizations lack enough staff and security expertise dedicated to IT security. The worrying thing is 21% of organizations in Kenya are not concerned about cybercrime at all.
Though the public sector was hardest hit by cybercrime, Dr. Hwindingwi says smaller organizations like SMEs also need to be aware of the growing list of dangers they face. He adds that it is particularly alarming that cyber-crime tripled in 2014 over 2013, indicating a country-wide lack of skills and resources to address the problem.
“Running your own IT infrastructure today is complex and expensive, especially if you are going to run your own server room,” Dr. Hwindingwi says. “You need to invest in firewalls and antimalware software, be ready to patch your operating systems and applications, and have specialist skills who are up-to-date with the latest threats.”
Locked up like Fort Knox
Against this backdrop, many organizations are starting to look to the cloud as one way of improving their IT security. Leading providers of online payroll and accounting applications, for example, host the software and their clients’ data in secure data centres underpinned by world-class technology, including the latest security.
Access to this specialized data centre is restricted, with only authorized personnel being able to enter. Around-the-clock armed security employees together with CCTV keep a watchful eye over it. This will free SMEs from doing backups, buying and installing new versions of the software, and fencing their data behind high security software.
When it comes to accessing the software, each user requires a unique password and username is required. Only invited persons are given access, using their own passwords and usernames. It is easy to track who has accessed the system and changed the data, making it harder for insider fraudsters to tamper with the records.
Physical theft: a major threat
Dr. Hwindingwi notes that one of the most common problems when it comes to information security in East Africa is the high rate of device theft. With the cloud, there’s less risk of losing data stored on a laptop or a USB stick because everything is stored in the cloud and not on devices that could be lost or stolen.
“Of course, that doesn’t mean you can neglect information security in your business. You’ll still be using your own devices to access the cloud, so there are some security vulnerabilities you need to take care of on your side,” Dr. Hwindingwi adds.
So how do you protect your business from data security threats? Dr. Hwindingwi gave some ideas. First, Educate your end-users about the basics of information security – for example, make sure they know why they need to choose strong passwords and that they’re alert to the dangers of phishing emails designed to persuade them to give their log-in details to people with criminal intentions. Installing antivirus and anti-malware software on your laptops and desktop computers, and then keep it up to date with the latest definitions is also very important. Getting serious about mobile security is also something we should not ignore. Lock your device behind a PIN code or password when not in use so hackers or thieves can’t access your data. Also, most mobile devices today allow you to track their location or remotely wipe data. It’s a good idea to enable this functionality just in case the device goes missing.
Another way could be keeping software up to date with security patches: When it comes to desktops and notebooks, be sure to keep your operating systems and browsers up to date with the latest security patches. Where your cloud provider allows it, enable two-factor authentication. For example, you could set your account up to ask for a code sent to you by SMS when you log in or use a fingerprint in addition to a password. One last important thing, always be careful about where you log into cloud services. Be wary of unsecured public Wi-Fi networks.
Cyber threats are increasing and cyber criminals are devising new ways to commit these crimes, something we should always be aware off.
Cybercriminals are becoming very skilled and are placing a strong focus on the business market, given the financial gain it can offer them. Ransomware that targets businesses, for example, is becoming more widespread and more sophisticated. Cybersecurity is therefore not an issue that only IT people should take into consideration. The reality is that it concerns everyone – consumers, home users and their families, small businesses and large organisations, including governments. That is why moving to the cloud could be the be one of the best things organizations should consider.