We must improve cybersecurity

According to the most recent internet usage report from the Communications Commission of Kenya (CCK), there were an estimated 17.38 million internet users in Kenya as at December 2011. This represents a 95.63 per cent increase from 8.8 million internet users reported in December 2010. Unfortunately, as internet usage continues to grow in the country so does the number of internet security incidents reported.

The increased use of and dependence on information technology has exposed Kenyan organisations to premeditated security threats with possibly disastrous effects. Most of these organisations are prime targets for insider attacks as well as cyber-criminal acts.

While information security trends globally indicate an increase in sophisticated and targeted attacks, the trends locally are not only shocking but also embarrassing. Most of the issues reported in Kenya are not new. Kenya is ill-equipped and unprepared to respond to information security threats and needs to get back to security basics. This means identifying the most critical information assets, confirming what controls are implemented on each asset, and continuously assessing these controls to ensure compliance with set policies. There is a need for the key players in the information security; government, service providers, businesses and citizens to work together to address the cyber security threats.

The Kenyan government has a major role to play in ensuring higher levels of information security in the country. The government needs to develop a locally focused information security strategy and propose practical regulations on information security.

Service providers also have a role to play in ensuring higher levels of security in the country. Service providers build and maintain information and communications infrastructure in order to provide connectivity and bandwidth for customers.

Many businesses in Kenya lack basic security protection, let alone more advanced cyber security defenses. Many lack the skills or resources, while others need guidance and help with establishing best practices. There is also a visible information security communication gap between security professionals and business executives who either don’t understand or don’t care about escalating information security risks.

This situation leaves critical ICT infrastructure in Kenya vulnerable to cyber security attacks. Cyber criminals are targeting businesses to gain access to Intellectual property in the form of software, and to business secrets stored in files and databases that are often inadvertently leaked. To address these risks, enterprises must set up and continuously conduct protection processes that deter criminals —outsiders as well as insiders.

Although there are different initiatives in place set out to address information security issues in Kenya, these initiatives cannot adequately address our current information security issues.

In conclusion, as a country we need to train and grow information security experts and ensure current technology and security practitioners receive more in-depth training needed to secure critical ICT infrastructure.

Makatiani is Founder and Chief Consultant at Serianu