Kenya was recently viciously shaken by a series of cyberattack incidents that nearly threatened to ground the economy to a halt, triggering engagements between sector experts and executives on the need to review existing defence mechanisms.
The attack on Kenya, allegedly by a group of hackers only identified as ‘Anonymous Sudan’, hit the core of the financial systems with M-Pesa, a mobile service fast turning into an artery for the circulation of money in Kenya’s economy, being affected.
The other major disruption happened on the government services portal, e-Citizen.
Since the attacks happened, subsequent debates among industry experts and business managers have revolved around looking at the loose ends that need to be tightened.
Cyberspace experts have pointed to a sluggish tendency by organisations to downplay budgetary proposals forwarded by their online security teams.
“I hope cybersecurity budgets will not be shot down in boardrooms any more. I hope proposals will now be considered when professionals have services to offer, and I pray that some of these are given to local talent,” says cybersecurity engineer and researcher Bright Gameli Mawudor.
Richard Muthua, executive head of cloud and cybersecurity at Liquid Intelligent Technologies, stresses the importance of investing in solid online security strategies.
He says additional resources should be directed towards staff training and the creation of visibility into the risks of cybercrime.
Mr Muthua opines that incurring the cost of installing preventive measures is way more desirable than contending with the cost of fixing damage caused by attacks.
“Recovering from a successful attack is expensive in terms of downtime, reputational damage, potential legal costs and a loss of trust across customers and partners,” he says.
“Some attacks, such as ransomware, also prevent businesses from accessing critical data, bringing the entire operation to a halt until the ransomware has been removed. Many companies opt to pay the ransom, and this adds even more zeroes to the cost of an attack.”
Mr Muthua observes that many businesses don’t realise that when their systems are compromised, the data they hold can potentially be used to orchestrate more profitable attacks as the hackers use the information to gain access to other organisations, especially those that they do business with.
Head developer at GIT Software Solutions Gathirwa Irungu says the allocation that an organisation apportions to securing its cyberspace shows its commitment towards protecting customer trust and business continuity.
“In assessing the allocation of organisational budget for securing cyberspace, it is imperative to recognise the gravity of cyber threats in today’s digital landscape. While the exact fraction may vary depending on the industry and organisation’s size, experts recommend dedicating at least five to 10 percent of the overall budget to cybersecurity initiatives,” says Mr Irungu.
But why are companies reluctant to fund their lines of defence in cyberspace?
“It’s a classic case of overconfidence bias, where many executives simply think ‘that won’t happen to us’.
“Given the normal day-to-day challenges, it’s easy to ignore risks that feel hypothetical – until it’s too late,” says Matt Williams, chief executive of dialysis care provider Africa Healthcare Network.
Mr Williams says executive teams need to be constantly reminded of the importance of cybersecurity through relentless awareness campaigns.
He says whereas there exist benchmarks such as 15 to 20 percent of total IT spend dedicated to cybersecurity, the reality is that effective controls must be embedded into all software programs and company systems.
“It’s part of the fabric of the organisation, rather than a budget line item. All employees must be trained to stay vigilant, as it’s not just the responsibility of the IT department,” says Mr Williams.
