Companies

Cyber criminals steal Sh106m from saccos

cyber

alushula

Summary

  • Saccos lost Sh106 million in the 17 months to March to cyber theft amid increased mobile banking, pointing to increased need for reinforced systems and insurance covers.
  • Latest financial sector stability report shows that the losses came on the back of increased use of digital channels such as mobile banking.

Savings and credit co-operative societies (saccos) lost Sh106 million in the 17 months to March to cyber theft amid increased mobile banking, pointing to increased need for reinforced systems and insurance covers to protect the billions of shillings they hold.

Latest financial sector stability report —prepared by financial regulators including Central Bank Kenya and Sacco Societies Regulatory Authority— shows that the losses came on the back of increased use of digital channels such as mobile banking.

The report says that the losses –an equivalent of Sh6.23 million per month or Sh208,000 daily— were through software vendors engaged by the saccos, underlining the vulnerabilities of a sector that holds over Sh800 billion customer deposits.

Saccos are now being asked to strengthen their control systems and review contracts signed with software vendors to compel such dealers to be compensating the co-operatives when losses occur.

“All saccos must now review and enhance their IT security including their service level agreements to ensure that affected saccos are compensated by the vendor in the event of an attack where the vendor is culpable. Saccos are also encouraged to undertake indemnity covers to safeguard against attacks,” says the report.

Saccos are under pressure to invest in strong control systems to boost their chances of joining the national payment system without becoming the weak link in cyberattack fight in Kenya’s financial services sector.

The disclosure comes on the back of cybersecurity consulting firm Serianu saying in a report released mid-August that 21 percent of saccos never carry out cybersecurity audits while 48 percent do so once a year, leaving them unaware of weaknesses on their network.

Increased mobile banking, expanding branch networks and increased connectivity to external IT networks are among the factors making financial firms more vulnerable to attacks.

“Our research indicates that there is increased targeted attacks on Sacco mobile transaction infrastructure. Additionally, weak IT infrastructure is exposing Saccos to attacks,” Serianu said in the report.

Some 22 percent of saccos do not conduct any due diligence on vendors before engaging them while 58 percent only do background checks on major vendors.

Many saccos are spending the vast majority of their limited IT budgets on acquiring and rolling out the technological infrastructure but leave little to secure and maintain the networks.

The number of saccos spending between Sh500,000 to Sh1 million on modernising IT systems had risen by 27 percent last year from 14 percent in 2019.