High-speed connectivity opens firms to hackers

Small businesses are at risk of increased cyber attacks as they ride on the high-speed internet bandwagon, the result of fibre optic connectivity.

Last August, the Business Daily revealed how some of the local banks’ internal security systems are weak and prone to attack.

One internet security experts interviewed was able to hack into a customer’s database in one of the smaller banks which gave him full access to personal information, confirming that 60 per cent of the banks had insecure systems.

Security experts say the change over to the fibre optic will make Kenyan businesses more vulnerable to cyber criminals.

Cyber attacks

Mr John Gichuki, an information security consultant, says there is already an increase in cyber attacks.

“Several organisations have complained that immediately they switched to undersea cable, a swap of spam hit through their email server within an hour of operation,” he says.

Particularly vulnerable are small and medium enterprises (SME) which do not have security.

A new study carried out in the US by the National Cyber Security Alliance (NCSA) showed that small businesses were more vulnerable to cyber criminals “due to their disorganised approach” to security issues.

In the study, only 28 per cent of the American small businesses have formal internet security and worse still, only 86 per cent said that they have no one to solve IT issues.

Mr Patrick Kiniti of Techmax Solutions, a company that specialises in network security, vulnerability assessment and penetration testing, fears there will be more sophisticated attacks on Kenyan websites and network installations from users abroad.

With Kenya on the fast lane to get connected, attackers from abroad can launch sophisticated attacks such as Distributed Denial of Service (DDOS) – which makes a computer resource unavailable to its intended users.

“They (small businesses) are vulnerable because they do not understand the threats,” says Mr Evans Ikua, the lead consultant at Lanet Consulting- an internet security company.

A lot of Kenyan businesses think that setting up a firewall and an intrusion detection and prevention system in front of their network will block attackers from gaining access to their network.

“When a small business has their website defaced, this could lead to loss in customer confidence, loss in business and revenue,” says Mr Kiniti.

He says a company’s email address can be spoofed or “forged” and used by a hacker to send all the company’s clients, offers of an illegal sale.

Such an email can cause a lot of mistrust especially when such clients respond and order goods or services.

There is also the fear of home-grown cyber criminals and as Kenya becomes more dependent on electronic transactions for day-to-day business credit card and ID theft will also rise as Kenyans embrace online transactions.

With no government framework to work on how and when to defend the cyber space, Kenyan businesses have to incur the full cost of preventing cyber attacks.

The exact cost cannot be estimated because it depends on several factors, including business espionage or attacks intended to finish off the network?

It could also be a mock attack to assure clients that their data and information is safe.

But failure to mitigate is even more costly than a cyber attack that leads to data and information loss or loss of productivity.

Mr Ikua says employing IT security experts can be expensive for small businesses.

Instead he advises them to engage consultants and should also make use of shared services that can make their capital expenditure lower.

First, they need to start by getting proper information on IT Security by acknowledging that they too are vulnerable to cyber criminals.

They can come up with a policy with this kind of information.

It is, however ,advisable to consult with an expert when drafting such policy.

It should form the foundation of the business’s overall security strategy by drawing out the procedures for implementing and embracing Internet technology.

Lastly and most importantly, SMEs need to carry out vulnerability assessments and penetration tests on their network infrastructure, web portals and applications.

It is through this that the owners can find the loopholes or weaknesses in their systems before the hackers find it.

“Without a sound policy, there is little that a firm can do to secure its systems and data. A sad fact indeed that I witness often with SMEs and Corporate organisations,” says Mr Kiniti.