Corporate News
Cyber crime: A threat Kenya must not ignore
Denis Karema from Usalama Innovations Ltd. explains the use of their software. 23rd January 2012. Photo | Emma Nzioka
Posted Thursday, January 26 2012 at 14:11
In Summary
Cyber security infrastructure preparedness involves up-to-date software and requisite laws. Various strategies involving different stakeholders are already in place.
There is a need for reviews aimed at modernising laws and the regulatory legal framework to achieve internet connectivity and national developmental objectives.
As in all security, one can only be safe from the known risks. Entrepreneurial success, by contrast, requires and rewards risk takers.
After the government heeded security experts' advice and established KE-CIRT, which has been Kenya’s cyberspace nose, eyes and ears detecting threats to national online investments, cyber crime seems to be increasing with rising internet penetration.
Despite efforts by government officials to restore the recently hacked sites within 5 hours, the spate of hackings carried out on government websites last week has evoked debate on the security of public information and its threat to Kenya’s integration into the new online order.
The rapid growth in internet penetration is also exposing more Kenyans to risk. The latest statistics from the Communication Commission of Kenya indicate that by the end of 2011 over 36 per cent of the population had access to the internet, up from 31.8 per cent recorded in 2010, representing a 14 per cent increase.
Hacked public data could be used as a weapon in social, economic and political wars. For example, medical data could be used by pharmaceutical firms, say, to spy on the prevailing diseases, enabling them to manufacture and hike prices of essential medicines in high demand.
Software programmers with good, long-term experience handling mass data best understand what "the power of data" really means. Hence the importance and urgency of citizen protection measures by the government to counter every one of these data threats.
Experts say that all websites can be hacked into, but it is the ease with which some websites can be intercepted that is most worrying.
The frequency with which a website falls victim to hackers affects the perception of the brand owners and casts doubt on whether such a site can be trusted with customer information.
Mr Alex Gakuru, an expert in ICT, says that there are fundamental security precautions that server administrators may fail to observe, leading to such attacks.
He says that server administrators broadcasting their operating system, web server software and content management systems, including version numbers, release dates and more, increase the chances of such attacks.
Concealing such details sends hackers "on a wild goose chase."
It is like a bank announcing to the whole world the name, brand, manufacturer, make and model of their vault. If it publishes its security staff's full names and families, such a bank would be soliciting their most unwelcome visitors.
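A server administrator can check for this kind of broadcasting by reviewing the response headers their own site sends. The sketch below is an added example, not part of the original article: the list of headers checked is an assumption, and the sample responses and product names in them are constructed.

```python
import re

# Response headers that commonly name the software stack (assumed list for this example).
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-generator", "x-aspnet-version"}
# Two or more dot-separated numbers, e.g. 2.2.3 or 1.5.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_headers(raw):
    """Split a raw HTTP response head into (name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def find_disclosures(raw):
    """Return (header, value, detail) for each header that names the software stack.

    detail is "version" when the value carries a version number, else "product".
    """
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() in DISCLOSING_HEADERS:
            detail = "version" if VERSION_RE.search(value) else "product"
            findings.append((name, value, detail))
    return findings

# Constructed sample responses, not captured from any real site.
VERBOSE = """HTTP/1.1 200 OK
Server: ExampleHTTPd/2.2.3 (ExampleOS 5.1)
X-Powered-By: ExampleLang/5.2.17
X-Generator: ExampleCMS 1.5
Content-Type: text/html
"""
QUIET = """HTTP/1.1 200 OK
Server: webserver
Content-Type: text/html
"""

if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("quiet", QUIET)):
        for name, value, detail in find_disclosures(raw):
            print(f"{label}: {name}: {value} -> discloses {detail}")
```

Headers flagged as "version" are the ones to trim or remove in the server and content management system configuration.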
Other common attack paths include servers left with many ports open (figuratively "holes") allowing hackers to penetrate, misconfiguration and failure to properly install and configure firewalls.
But closing unnecessary ports and running proper firewalls alone do not prevent all attacks.
Those that remain include threats technical people call "URL Interpretation Attacks", "Input Validation Attacks", "SQL Query Poisoning", "HTTP session hijacking" or "Impersonation."
The only defence against these types of attacks is to ensure that server application programmers write and thoroughly test those programs for security cracks.
"Web presence is an investment and it is the duty of the enterprise to hire the services of an ethical hacker to check on a website’s vulnerabilities and offer necessary recommendations," says Denis Karema, a web developer with Usalama Innovations.