More than 80% of Kenyans connected to the Internet are vulnerable to cybercriminal attacks, a new study reveals, putting the cost to business at Ksh15 billion annually.
The study, titled The State of Cybersecurity in Kenya, which was carried out by cyber security consulting firm Serianu in partnership with PKF consulting and USIU Africa, shows that the vast majority of private companies and public sector organizations also remain very exposed to cybercrime and internal IT fraud.
The public sector as the most affected losing approximately Ksh5 billion per year followed by the financial services sector at Ksh4 billion and manufacturing and industrials at Ksh3 billion in third place. The telecommunications, media and technology and other sectors are estimated to lose about Ksh2 billion and Ksh1 billion respectively.
Serianu Managing Director William Makatiani said that these had been published into a report – Kenya Cyber Security Report 2015 that is available for public access. “Nearly all internet devices in the Kenyan cyber space are vulnerable to attacks, exposing more companies and individuals to the risk of malicious insiders and cyber criminals,” said Makatiani.
He added that on average most medium sized organisations with over 70 employees in Kenya have at least two vulnerable computer servers and up to fifteen infected computers that were already hacked into by cybercriminals. The most vulnerable businesses and home owners are those that have installed low cost home routers, Closed Circuit Television (CCTV) systems and public email servers on their networks.
To counter this situation, Makatiani explained that Kenyans who are busy installing these internet access systems in their homes and office networks must work with cyber security experts to ensure that they are not exposed. Similarly, companies need to raise their degree of vigilance with the IT teams required to invest more time and resources in auditing their entire systems and establishing modalities to reduce breaching incidences.
Paula Musuva Kigen, an Associate Director of Cybersecurity at USIU-A’s Centre for Informatics Research and Innovation (CIRI), highlighted the need to have localized cyber intelligence research in order to have organizations appreciate and respond appropriately to the threat landscape in the region. She added that the report highlights the technology trends in areas such as cloud computing, internet of things, near field communications and points out the cyber security considerations organizations need to make.
Serianu’s study also reports that the annual cost of cybercrime to Kenyan companies is estimated to be Ksh15 billion cost is based on Serianu’s estimates from their 2015 cyber security study. The firm reviewed publicly and privately available data from individual industries, complemented by interviews with business leaders and IT security practitioners. But it was much harder to establish the extent of financial losses by the public sector.
“Unlike many governments, Kenya has not established any mechanisms to track and calculate the losses made by public sector organizations to cybercrime,” he said. “This makes them even more susceptible to such crimes such as website defacements and ransom demands from criminals before restoration.”