As nations around the world step up measures to counter a massive cyber attack, Kenya reassured its citizens that government computer systems and networks are secured following the emergence of a lethal ransomware virus that is spreading at an alarming speed and wrecking havoc to computers globally.
The Ministry of ICT Cabinet Secretary Joe Mucheru said the government was keenly following developments on the encryption malware which effectively disabled over 200,000 computers running the Windows operating system in over 150 countries.
He was speaking at the Cyber-Security and Banking Forum organised by Citibank and the ICT Authority, where he challenged the financial services sector to improve information sharing and reporting on cyber-security breaches.
“We have heightened our cyber monitoring and surveillance mechanisms to prevent and eliminate any remote possibility of attack,’’ Mucheru said.
Mucheru added that this would also aid in quantifying the exposure and resilience of organisations both in public and private sector to cyber security incidents.
“Breach notification eliminates the clandestine attempts by hackers to attack systems and enables synergised efforts toward the prevention of the criminal activity as well as their prosecution,’’ he said.
The authority has warned the public against temptations to yield to those demands.
“We must ensure that our aspirations for innovation in the various sectors of the economy are matched with prudent security risk management, especially in the Fintech services area,’’ Mucheru said.
He also pointed out that although the financial services sector relied heavily on various financial technologies to link to each other and the larger economy, it was yet to come up to par in terms of cyber-risk preparedness.
“With more than 75.3 per cent of Kenyan citizens included in the formal financial services in the country, one would logically expect a corresponding increase in cyber security investments in the industry. Statistics indicate this is not the case presently,’’ he said.
Michael Mutiga, the Managing Director, Corporate and Investment Banking at Citibank said that the creation of a shared industry reporting structure was the next phase in the evolution of Cyber-security awareness in Kenya.
“Breach notification is an important factor in the entire process of cyber-risk management. We have seen other markets develop mechanisms to share this data within set parameters for the benefit or the industry and overall economy,’’ he said.
Citibank’s Lead Information Security Officer for Middle East and Africa Edward Kiptoo said collaboration was taking place on an international level, attacking a global threat through combining the capabilities of companies and banks across the world.
“The information Sharing and Analysis Centres (ISACs) for instance, share information not only internationally, but also across sectors,’’ he said.
Ransomware is a type of malicious software that infects a computer and restricts users’ access to the computer until a ransom has been paid.
Once a computer has been infected with the virus, it tries to infect other computers within the network and denies users access to information until they pay ransom.
To stay safe, Kenya has advised computer users to observe a number of precautions.
This includes ensuring they have an up-to-date back up of their files offline to ensure the information can be easily restored in the event of an attack.
The Kenya Cyber Security Report 2016 by Serianu, indicated that about 44 per cent of financial institutions run on a cyber-security budget of a paltry one to 1,000 dollars annually.
Meanwhile, another 33 per cent of financial institutions in Kenya have zero spending on all matters of cyber security.
The report said that a whopping 175 million dollars has been pilfered from Kenya’s economy by savvy cyber-criminals.