Firms exposed to cybercrime in frantic rush for online services

The need for companies to go where customers are is the reason behind the mad rush to create online portals, but the sting lies in increasing exposure to cyber security threats.

The rage is either to go mobile or risk being pushed into oblivion disrupted by poorly funded startups run from dimly lit backrooms or garages.

The hype has in its wake, however, created new jobs for mobile app developers and website administrators as local companies now trade their wares and services on the go.
According to virtual mall StateDuka.co.ke co-founder William Anguka, online business portals are not about to fade away.

“Banks, saccos, media, distribution, security, matatus, music, pubs, hotels, IT, retail chains and even logistics firms have been forced by circumstances to pursue customers where they are,” he said.

Not to be left behind, the Kenya Union of Savings and Credit Societies’ Organisation (Kuscco) has moved to establish a stand-alone firm, IRNET Kenya (ICK), which enables small saccos to offer services 24/7 via mobile apps on a pay-per-use model.

“The future provision of financial services is digital banking and ICK gives the small saccos a platform to offer services to their members securely via the web and on mobile phone apps. Each sacco will have its secure portal thereby saving them the need to acquire ICT infrastructure and cost of employing staff to man the facility,” said Kuscco’s managing director George Ototo of the platform.

To date, 58 saccos have uploaded customer data on the platform easing the need to travel long distances to be served. This has made savings or withdrawals as well as applications for loans easy as members access their individual accounts via their secret codes.

But the craze has not come without challenges that have placed a new responsibility on companies to invest cyber security measures.

READ: Microsoft official tips Kenyan firms on cyber security threat

According to the Communications Authority of Kenya’s latest findings, the National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT-CC) analysed and validated 4,589 cyber threats.

CA’s Second Quarter Statistics Report for the 2017/2018 financial year (October-December 2017), said 539 cyber threats were resolved.

“The most experienced cyber threats were various forms of system misconfigurations that made computers/networks to be vulnerable and susceptible to cyber-attacks. These type of threats were recorded at 187,” says the report.

System misconfigurations, largely ride on weaknesses where users access their company portals using default 0000 passwords that are not regularly changed (updated) from any gadget at any level.

While most Kenyan companies remained mute over attacks on their individual portals, albeit to protect their business interests, CA’s report said 140 malware attacks (malicious software) were reported with the 2017 prolonged political period blamed for 104 incidents of impersonation, which were reported.

Three firms also suffered Distributed Denial of Service attacks (DDOS) leading to temporal lockdowns while 24 cases of online fraud were reported and 64 online hate speech complaints lodged.

With Safaricom’s M-Pesa moving Sh36 trillion in the past year via rudimentary phones and their mobile app, banks and saccos have also cashed in on the new craze, albeit to cut operational costs by running branchless operations.

The most popular part of the new apps is the Unstructured Supplementary Service Data (USSD) aka Quick Codes where customers access their bank accounts to transfer funds for payment of goods and services or transferring cash to their mobile money accounts.

Kenya has 28.2 million active mobile money accounts and has been credited with increasing financial inclusion and enabling the diaspora to send money home directly to their relatives’ accounts.

READ: Kenyan firms risk higher cybercrime

But cyber-security firms feel local companies need to concentrate on their core mandate while leaving matter IT to them.

CA’s website was defaced last year while last January, National Bank reported thwarting an online bid to transfer Sh29 million from its accounts by an unknown hackers to mobile money accounts, a technique at the heart of massive bank theft locally and internationally.

NBK chief executive Wilfred Musau said, “I confirm there was an attempted fraud on January 17 but the bank monitoring and security resources frustrated the attempt.”

According to Eldama Technologies Ltd Managing Director Jonathan Somen, malware affects businesses on a daily basis disrupting IT and computer processes “and in extreme cases can delete, steal or hold to ransom valuable business and personal data.

“Cloud technology has not only made efficient backup possible by ensuring that all key requirements are met but has reduced the number of interventions required to ensure data is available at all times. It has provided a hassle-free solution, which offers a one-stop solution to customers.”