Part of the challenge is the poor appreciation, or lack thereof, by executive boards of the serious risks posed to businesses that are not proactively working towards securing their vulnerabilities.
According to ICT security company ESET East Africa, the recent spike in cases of cyber attacks and breaches in the financial services sector is attributable to the slow pace of implementation of ICT security protocols.
Speaking at the quarterly CIO East Africa industry breakfast, the Chief Executive Officer of ESET East Africa, Freeman, said: “We have seen businesses move from using single static device environments to multi-layered devices and even cloud technology platforms. This means that we should be pushing for a synchronized security environment where aspects of security are shared at all levels of business.”
The Central Bank of Kenya (CBK) is said to have since taken positive steps in addressing the attendant security risks in the sector. Recently it ordered a full ICT Security system audit for all banks and insurance operators.
Njaramba Kanani, the Information Security Officer at Chase Bank, said the baseline survey is meant to give a glimpse of the state of affairs in the sector, towards addressing the attendant cybersecurity risks it faces.
“The fact is that we will be attacked; of importance, however, is what we do after, or how far the attackers can go in case of a breach. In this regard, the new CBK rules have given the sector even more reason to invest in security matters,” he said.
At the forum, it emerged that over 30,000 unique cyber attacks and attempts are recorded in the financial services space in Africa annually. Even so, it was said that many institutions do not fully understand the security challenges that come with their constantly upgraded and integrated technologies, such as mobile and remote service delivery models.
According to Freeman, as companies invest in and integrate more ICT systems into their processes, there is an inadvertent increase in their risk profiles. These, he said, should be tested and re-tested regularly to wipe out loopholes.
“Even with the highest level of security investment, the human element remains the weakest link within organizations, especially where the Bring Your Own Device (BYOD) culture sustains. Noting that mobile malware is among the biggest emerging threats in cybersecurity today, a weak user proficiency policy among staff on ICT security matters is a major threat to any ICT security efforts,” he explained.
Currently, over 20 million Kenyans access the internet through mobile devices, many of whom use the same single device for personal, business and official work purposes.
Freeman said that education and awareness of cybersecurity risks are the only way towards ICT security maturity among staff, and the only way for the industry to turn the tide in the fight against cybercrime.