Kenya: Cyber criminals becoming untamable
SECURITY| June 15, 2012, 8:21 a.m.
By Semaj Itosno, Nairobi, Kenya
As Kenya’s internet connectivity blossoms, so are the cyber security threats which are becoming more dynamic and sophisticated.
Despite the ongoing infrastructure developments through the undersea and terrestrial cables bringing enormous benefits, they have opened a new warfare front , as fast speeds give malicious internet users more opportunities to target more victims, easily and undetected.
“The hard truth is most organisations don’t know enough about the threats or their own security posture to defend themselves adequately. For example, they can’t see signs of an attack because they haven’t sufficiently analysed data on the latest attack techniques,” says a report by the Security for Business Innovation Council (SBIC).
SBIC is a group of leading security executives from Global 1000 enterprises sponsored by computer and network security company RSA.
According to Kenya’s Information Permanent Secretary, Dr Bitange Ndemo, with high speed internet comes increased security risks. Kenya, just like other countries, needs to develop policies both to ensure wider access and the safety of internet users, he says.
Dr Bitange concurs with other cyber security experts that many cyber adversaries are developing better intelligence capabilities than their targets.
As one expert, Joel Harding, puts it in an online commentary; he doesn't know the status of most critical infrastructure in America but he's "certain that many, if not most are not fully updated, do not have adequate monitoring or protections, have inadequate contingency plans and are unnecessarily exposed to the Internet, and are therefore vulnerable."
Harding is a former US military intelligence officer who is currently a communication and public diplomacy information operations expert and consultant.
Spying for security
The Kenyan government recently mooted a plan, through legislation tabled in Parliament, for power to monitor personal emails and curb hate speech or nab people behind cyber threats.
The proposal, though justified to some level, has elicited mixed reactions with people citing, intrusion to privacy as the reason to stop such a move.
The Communications Commission of Kenya said this is part of the plan to set up local and regional security centres to manage cyber security
Curbing hate speech
One concern for the authorities as Kenya gears up for the general election in early 2013 is the need to curb hate any speech that could spark election-related violence.
The need to get ahead of advanced cyber attackers, experts say, has also been brought by the fact that the attackers are no longer doing it for fun but for political activism and intellectual property theft and financial gain.
A report by an IT security consulting firm, Serianu Ltd, shows that most Kenyan companies do not update their software in tandem with security upgrades by major software and apps vendors.
This, it argues, has opened a window for cyber criminals to gain access to computers with the aim of stealing vital information or denying the users access to their sites or servers.
“The biggest challenge is that most firms are not proactive in protecting their sites or systems and only take action when they have been hacked into, this can be very expensive,” said William Makatiani, the chief IT security analysts and founder of Serianu Ltd.
In its latest release of top five cyber-threats for 2011, Symatec, the manufacturers of Norton Internet security products, identifies social media identity theft as a major target for hackers.
Mobile growth = mobile threat
Hackers are showing growing interest in mobile devices including smartphones and with Kenya’s broadband infrastructure getting better, there will certainly be more online users, thus attracting more hackers.
Mobile applications which are increasing by day are also coming with new threats. It is estimated that by 2015, there will be more than 1.5 billion smart phones and 130 billion applications downloaded by 2016.
Hackers, experts warn, are likely to ride on the loopholes in mobile downloads to spread computer attacks unless safeguards are put in place.
In fact, banks have become the most affected in the cyber scams, with a recent industry survey conducted on banks in Kenya, Rwanda, Uganda, Tanzania and Zambia indicating that threats like hacking, malicious insiders, card skimming, electronic file manipulation, IT controls circumvention and unauthorised access have surged as new core banking systems intended for enhanced IT security become more expensive to acquire and deploy.
The report also says that organisations need to obtain the latest data on threats, relate it to real-time insights into their dynamic IT and business environments, determine what is relevant, make risk decisions and then take defensive action.
“Intelligence gathering and analysis have become essential capabilities for a successful information security program yet most enterprise IT security organisations have not been built with this objective in mind,” the report says.
Apparently this is not a Kenyan or African problem alone. The whole world is at risk. A recent study by Symantec's Norton estimates the cost of cybercrime worldwide at USD 388 billion.
High dependence on technology was identified as one of the major risks facing commercial banks in East Africa, according to a PricewaterhouseCoopers (PwC) Kenya survey conducted on 33 banks in Kenya, Rwanda, Uganda, Tanzania and Zambia early 2011.
In the region, banks have to keep up with technology advances to meet customer satisfaction, thereby depending highly on technology.
The Regional Manager for International Data Corporation (IDC) East Africa, Francis Hook, said that one of the primary factors hindering the proper implementation of an IT security policy is the non-existence of the policy itself and no proper training on security policy.
The report also noted the use of electronic messaging systems to send unsolicited bulk messages indiscriminately in what is commonly referred as spamming to be a major challenge to most corporate firms.
“Whereas most email spam contain harmless advertising messages there is a new breed of spam that is spreading viruses, worms and Trojans into end user computers,” reads part of the report.
Spam increases bandwidth charges for ISPs as a result of increased network traffic and also causes problems for internet users because of increased fraud, wasted time, and various other scams.
MORE SECURITY NEWS
Zambia to host Southern African Banking and ICT Summit 2015Efforts to curb increased incidences of cyber crime within Africa’s financial institutions, Government Agencies and private sector have received a boost with the planned Southern Africa Banking and ICT Summit set for April, 30th , 2015 at Intercontinental Hotel Lusaka Zambia. Read More
E-PPAN alerts bank customers on fraudstersWith many bank customers that use the electronic payments falling prey to fraudsters, Electronic Payments Providers Association of Nigeria (E-PPAN) has warned customers to be wary of how they release the details of their bank accounts to people. Read More
TESPOK, Kenyan government monitoring cybercrimeThe Telecommunications Service Providers Association of Kenya (TESPOK) and the government are monitoring and collecting data on cybercrime on the country’s networks in a bid to tackle the growing problem. Read More
Cybercrime now a “top five” economic threat in East AfricaCybercrime has grown to become one of the top five types of economic fraud in East Africa, according to PwC manager John Kamau. Read More
Stanbic Bank offers holiday tips to ATM usersAs has become the norm during the holidays, Stanbic Bank Botswana has prepared safety tips for those wishing to use ATMs ahead of the Easter long weekend as part of a concerted effort to ensure greater financial security amongst Batswana. Read More
How to beat cyber criminals – KasperskyCyber criminals are getting more daring every day and everyone on the Internet should be wary and take precautions, warns Internet security solutions firm, Kaspersky. Read More
Kaspersky Lab reveals latest cyberespionage tactics: complexity and modularity VS functionalityNation-state sponsored cyberespionage attacks are becoming more sophisticated, targeting carefully defined users with complex, modular tools, and keeping well under the radar of increasingly effective detection systems, Kaspersky Lab experts have discovered. Read More
Safe Deposit: Defeating cyber-attacks against banksWith online heists once again hitting the headlines, how should banks and their customers protect themselves against similar attacks? Read More
Large organisations gear up to address aggressive cyber-security business disruption attacksAlthough the frequency of a cyber-security attack on a large scale is low, by 2018, 40 per cent of large organisations will have formal plans to address aggressive cyber-security business disruption attacks, up from none this year, says Gartner. Read More
FEATURED STORYe-commerce space untapped, says phonekings head
E-commerce is the future, says the head of a new online electronics mall launched in Nigeria. Tayo Olusanya spoke to Kokumo Goodie in Lagos.
BEST READ NEWS
IN DEPTHVillagers get solar training at Barefoot College
The Botswana Human Resource Development Council (HRDC) has seconded seven semi-illiterate mostly Ngwatle villagers for a six month solar electrification training course at the famed Barefoot College in India.
COMPANY NEWSSchneider Electric sponsored runner wins 2015 Paris Marathon
Ethiopian runner, Meseret Mengistu (26), has won the prestigious 2015 Schneider Electric Marathon de Paris women’s race in 2:23:24.