Kenyan firms hiding cyber-attacks: Immaculate Kassait


Data Protection Commissioner Immaculate Kassait at a past event on March 29, 2023. PHOTO | WACHIRA MWANGI | NMG

The Office of Data Protection Commissioner (ODPC) has urged institutions to stop covering up when they experience cyber-attacks, even as it expresses worry over a serious shortage of professionals in the cybersecurity profession, at a time when the country is witnessing an increase in using cases of online attacks.

Data Commissioner Immaculate Kassait noted that many institutions are still hiding the fact that they are facing attacks from cyber-criminals in their digital operations, even as it becomes difficult to sustain cybersecurity professionals due to competition in the industry.

“We are still scared of talking about cybersecurity to the extent that when you are hit you sit in a corner and hope nobody else discovers. Then your neighbour is hit and sits in a corner. Time has come to admit that there is nothing shameful about declaring that you have had a cyber-attack,” Ms Kassait said.

The Data Commissioner, who spoke while overseeing the launch of a cybersecurity training center at the Riara University during the weekend, expressed the need for institutions utilising the digital space in their operations to assess their systems to improve security.

“In terms of cybersecurity, we have a serious capacity gap as a country. Getting cybersecurity officers is almost impossible. As we continue to automate, it’s important to make sure that our cyberspaces are safe,” Ms Kassait said.

Riara University launched the cybersecurity training centre to equip professionals with skills to mitigate against cyber threats, at a time when cyber-attacks on public and private institutions, academia and even businesses continue to grow, as more Kenyans utilise the digital space for transactions.

The University Vice-Chancellor (VC) Robert Gateru said the centre was going to train high-level professionals in the public and private sectors, equip businesses in the different sectors with skills to mitigate against cyber-attacks and support the government in putting in place effective cyber-attack preventive measures.

“Cybersecurity is a concern for all sectors of the economy, there is no sector that is safe from cyber threats, whether it is government, private sector, academia or even individuals. Our main target initially is to work with the private sector where a lot of companies have put up cyber security through their own mechanisms but many of them are not strong enough and also working with the government to enhance their capacity to defend our national interest against cyber threats,” Prof Gateru said.

The VC noted that most institutions were just addressing basic cyber threats in their mitigation efforts, which puts them at risk should they face serious cyber-attacks.

The Communications Authority of Kenya (CA), in the latest cybersecurity report, noted that while cyber threats detected in the three months to the end of September dropped by 11.36 percent to 123.9 million, attacks on web and mobile applications which have serious implications grew, affecting key services including government’s eCitizen platform.

“During the three-month period between July to September 2023, the National KE-CIRT/CC detected 106,603 web application attack attempts targeting critical infrastructure service providers. This represented a 35.95 percent increase from the last period April to June 2023,” the Cybersecurity Report observed.

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.