Ideas & Debate

Digital security is as strong as weakest link

cyber attack
Your employees are the first line of defence against any attack. FILE PHOTO | NMG 

The World Economic Forum’s 2019 Global Risk Report identifies cybersecurity as one of the biggest threats facing businesses and economies today.

Cyber-attacks have exponentially grown in scale and sophistication. Just one, simple attack can lead to significant loss of data or financial fraud that impacts a company’s reputation and credit rating, shaking investor confidence and consumer trust. And it goes without saying that the cost of a breach can amount to millions of dollars, leading to catastrophic consequences.

Experts predict economic loss due to cybercrime to reach $3 trillion by 2020, and 74 percent of the world’s businesses are expected to be hacked in the coming year. Statistics have further shown that the more connected a country is, the more prone it is to cyberattacks. This means that making cybersecurity a part of the national agenda has never been more important.

This rings particularly true for Kenya, a continental leader in Africa’s growing digital ecosystem. With a population of almost 52 million, there are currently around 47 million internet users with a penetration rate of 89.9 percent, making Kenya an ideal target for bad guys in cyberspace. As such, the country’s technology and financial industries must remain mindful of the relentless threats posed by cybercriminals who are in search of a quick shilling.

However, remaining alert is no small feat. Unlike other business risks that can be solved with targeted programmes and multistage interventions, cybercrime is a constantly evolving and moving target.


Fighting cyber fraud is a bit like playing whack-a-mole. As security interventions and programmes expand and become more sophisticated, cybercriminals across the world become smarter, faster and more cunning in their attacks. Furthermore, in cases of financial hacking and cybercrime, the fraudsters are most often international.

And because they use perilous tools such as the dark web to communicate, their immense geographic spread means many fall outside traceable legal jurisdictions. This means that the global financial system, including tech companies and governments, must coordinate in real time to mitigate security risks.

Of course, there are no silver bullets to fight cybercrime, and there never will be. But there are a number of measures that the financial sector can implement to safeguard their systems.

Below are some useful tips, tricks and measures to help any business stay digitally ready and strong in the fight against cybercrime.

Adopt best practices - companies must ensure that they are following cyber security best practices and keeping their systems protected. This means always looking out for loopholes and deploying appropriate solutions to mitigate risks. They also need to ensure they are requesting their third-party processors to comply with the Payment Card Industry Security Standard, as well as getting their systems independently vetted by the Qualified Security Assessors. Trust, but always verify.

Invest in security tools - obtaining the right tools to identify, mitigate and monitor threats is crucial. When investing in new technology, price, as well as safety and security, should be taken into careful consideration. For example, at Mastercard we secure the payments ecosystem by deploying and providing a multi-layered approach with EMV, end-to-end encryption, tokenization and authentication, among other features.

Be proactive, not reactive - reduce your risk of attacks by taking proactive measures. These include performing security reviews of payment switches and servers in the cardholder environment, as well as improving your monitoring of critical payment infrastructure, network traffic and close monitoring of typical ATM transaction withdrawals. Back in 2018 we launched the National Fraud Service (NFS) in Kenya, a comprehensive fraud management tool that addresses the primary fraud requirements of issuers.

The service is an advanced, comprehensive solution that has been designed by analysing historical card payment fraud to help issuers quickly tackle fraud at all levels by providing real-time risk and fraud monitoring of transactions.

Be security conscious - the financial sector needs to always consider cyber threats as ongoing risks to their business. They need to maintain a continuous dialogue about the status of their security, always relentlessly working to keep it safe.

Here we can take a lesson from a global case study – the Bangladesh Bank heist in 2016 where the criminals successfully walked away with $81 million out of the $1 billion they originally planned to steal. The heist was perpetrated by thieves who never even entered the building. This violation was terrifying because it was not technically a breach – the instructions came from inside the bank’s system via a secure inter-bank communication network.

Educate your employees and customers - Perhaps one of the most important things you can do is educate staff, as they are the first line of defence against any attack. Also, teaching customers to be able to spot security risks is paramount to their own safety.

The Kenya Bankers Association (KBA) and the Central Bank of Kenya (CBK) are taking a proactive lead on consumer education.

The writer is Business Head, East Africa, Mastercard.