Kenya has in the recent past seen increased internet security threats, ranging from hacking to stolen digital identities and even malicious take-down of content. The cases have mostly affected businesses, but individuals have also suffered from these incidents.
What Were The Findings?
Today, Serianu Limited, in partnership with the United States International University (USIU) Kenya and Paladin Networks, launched the annual Kenya National Cyber Security Study, which is in its fourth edition. According to the report, Kenyan companies have in the last year lost Kshs. 17.5 Billion ($175 Million) to cyber-crime. This is an increase from the Kshs. 15 Billion lost in 2015, a rise of 14%.
Organizations have, however, begun to acknowledge the sensitivity of the issue, with 93% of Kenyan companies viewing cyber-security as a problem. Yet most invest little or nothing in it: in 96% of these firms the annual cyber-security budget does not exceed $5,000. In a sectoral breakdown, government still faces the largest threats, followed by banking and financial services. The telecommunication sector follows, while other industries face the least threats. Other sectors emerging as most likely to face cyber-security issues include betting, e-commerce, hospitality and retail.
The report states that insider threats are the largest contributor to the growth of these cases, and include fraud involving information or employee abuse of IT systems and information. It also states that the number of cases related to mobile money has risen dramatically over the last year, with most of them involving social engineering, malware and account impersonation.
E-commerce platforms, on the other hand, have seen a rise in the number of online scams, ATM card skimming and identity theft incidents. In addition, incidents of malware targeting critical mobile and internet banking infrastructure are on the rise. Another factor cited as the main cause of these cases is the low level of security awareness among companies and their employees, where technical training of employees is insufficient. The majority of Kenyan organizations spend $5,000 or less on cyber-security issues, while most allow Bring Your Own Device (BYOD) policies at work, further aggravating the situation.
Position of the Kenyan Law
The report further states that only 3% of the cases reported have been prosecuted, a situation likely to change with the enactment of the new laws. The report cited the lack of practical regulatory guidance from industry regulators and government as one of the reasons why these cases have continued to grow in scale. Keen on tackling these issues, the government is working on draft regulations under the Computer and Cybercrimes Bill, 2016.
Once enacted, the legislation proposes tough and strict penalties for those who commit offences under the law. For instance, infiltrating a security measure and gaining access to a computer system, with full knowledge that such actions are unauthorized, attracts a fine of 5 million shillings or imprisonment for a period not exceeding 3 years, or both, among other provisions.