Companies

Kenyan firms, state agencies face increased cyber threats

Failure by companies and government agencies to regularly update their computer software is exposing them to cyber threats such as online fraud and data loss.
A report by Serianu Ltd — an IT security consulting firm — says most Kenyan companies do not update their software in tandem with security upgrades by vendors such as Microsoft and Oracle.

This, it argues, has opened a window for cyber criminals to gain access to computers with an aim of stealing vital information or denying the users access to their site or server.

“The biggest challenge is that most firms are not proactive in protecting their sites or systems and only take action when they have been hacked into, this can be very expensive,” said William Makatiani, the chief IT security analysts and founder of Serianu Ltd.
“Most firms buy or outsource the software and servers to third parties and as such they don’t have control to know when a new version of software has been released for them to upgrade.”

According to the report, cyber criminals are likely to gain access to websites that are running on older software versions rather than those that operate on updated ones.

Weaknesses

This is mainly because cybercriminals usually work around the clock trying to find potential weaknesses they can exploit in software or hardware that has been newly  released into the market and hence the need of continuous update by the vendors.

The report lists bank account, credit and debit card details as the most looked for data by cyber criminals and which they later put online for sale. “During our research on credit card fraud, we came across a credit card shop that was selling credit card data issued by banks located in Kenya. ,” noted the research findings.

Government websites and banking institutions have been the most vulnerable targets with internet security report indicating that In February alone 103 government websites were hacked into.

“Between January and April 2012, a number of Kenyan websites were compromised by cyber criminals. Most of the compromised websites employed some application functionality, allowing customers to access sensitive account information upload documents or perform transaction,” said Mr Makatiani.

Commercial banks and firms that deal with online payments have emerged targets of the cyber criminals.

The report was released on Friday by Serianu Cyber Intelligence Team (SCIT) who analyzed  150 spam sending IP addresses that are owned by Internet Service Providers (ISPs) located in Kenya - between January and April 2012.

The report also noted the use of electronic messaging systems to send unsolicited bulk messages indiscriminately in what is commonly referred as spamming  to be a major challenge to most corporate firms.

“Whereas most email spam contain harmless advertising messages there is a new breed of spam that is spreading viruses, worms and Trojans into end user computers,” reads part of the report.

Spam increases bandwidth charges for ISPs as a result of increased network traffic and also causes problems for internet users because of increased fraud, wasted time, and various other scams.

Globally many countries have launched initiatives to detect and prevent spammers.

Such initiatives have focused on identifying sources of spam and working with ISPs in an attempt to block such computers from sending out spam.