Fix flaws in cybersecurity readiness

Whether for self-gratification or for financial gain, the swirling cybersecurity is deeply concerning to both businesses and government. Cybersecurity is one of the most ominous threats around the world. In the African region, Kenya is a magnet for cyber criminals.

Cybercriminals are betting big: last year alone, Kenya lost a whopping Sh21.2 billion to cybersecurity. And that is a conservative figure because the law does not require organisations to report when their systems are cracked. Nearly all cybercrimes don’t go beyond being spoken about in whispers in boardrooms.

Government and financial institutions including telecoms companies in money transfer bear the brunt of cybercrime.

E-COMMERCE

Cybercriminals targeting e-commerce often go for online fraud, credit card fraud, SIM card swiping or fool unsuspecting people to send money to the wrong mobile wallet.

Best practice in many countries is to notify the affected individuals, regulatory and credit reporting agencies or the media of the data breaches.

Additionally, contractual obligations require notice to business clients, employees or customers.

Although the Kenyan Constitution guarantees citizens the right to privacy, its enforcement in the digital era is a matter that requires an-all-hands-on deck approach.

Because they hold troves of vital data, telecoms companies, health organisations, mobile applications, financial organisations and trade unions are most susceptible to cyber spies. Oblivious of the looming threats, some of these organisations’ vital digital systems stand on porous platforms.

M-PESA NETWORK

Cyber offenders are notorious for maliciously attacking massive mission-critical companies like Safaricom. It’s therefore a matter of grave concern when Safaricom’s M-Pesa network goes down for hours without a word. Cyber crooks often take over a company’s systems and mine its data from the back door.

They use the data for blackmail, to seek ransom, identity theft, or to milk millions from the company.

The criminals can bring down a business and expose individuals to financial loses or personal harm.

To stop this problem, the government should set up an agency to monitor and report data breaches.

RECORDS COMPROMISED

Such an agency would report the severity of breaches, the number of records compromised, the type of data, the source of the breach, how the stolen data could be used, and whether or not the stolen data were encrypted.

Top government officials and politicians run the highest risk of their information or that of their family or business relations stolen and used against them. They should lead the way in enacting and enforcing mechanisms for personal data security.

If we keep sweeping data breaches under the rug, sooner rather than later, the cyber crooks could hang millions of Kenyans out to dry.

Mr Wambugu is an informatics specialist. Email: [email protected] @samwambugu2