Companies

Low cyber security budgets expose saccos to fraudsters

serianu

Serianu Chief Operating Officer Joseph Mathenge (left), 2NK Sacco CEO Ann Kinyua and Serianu CEO William Makatiani discuss contents of the 2019 sacco cyber security report last week. PHOTO | COURTESY

Most savings and credit co-operative societies (saccos) in the country do not have a cyber security strategy to deal with evolving cyber crime risks, raising questions about safety of customer deposits from tech-savvy fraudsters.

A survey of more than 150 companies by tech consultancy firm, Serianu, shows that 60 percent of those surveyed had no real strategy in place to tackle cyber crime while 84 percent had no formal standards for IT governance at their institutions.

The report, dubbed “Digital Transformation and Cyber Risk within Saccos” also shows that most of those surveyed (44 percent) set aside Sh100,000 or less as part their annual cyber security budget.

A further 36 percent of firms invested between Sh100,000 and Sh0.5 million in cyber security while six percent of the surveyed saccos invested at least Sh1 million this year.

“Our review found that the overall understanding of IT governance and approach varies and ranged from good knowledge and practice, to being highly dependent on external support from IT service suppliers and third party consultants who provide both IT services and assurance,” Serianu says in the report.

Saccos have since last year lost more than Sh70 million to hackers, underlining the high risk facing billions of shillings held in customer deposits and savings.

Last year, cyber criminals hacked the databases of Safaricom Sacco, Bamburi Sacco, Stima Sacco and others, leading to the loss of millions of shillings.

Three people said to have been behind the crimes were arrested in Nairobi’s Dagoretti area in November.

“Over the past 12 months we have noted an increase in mobile banking fraud targeting saccos,” the report adds.

Hackers steal passwords by installing malicious software and then making unauthorised changes to customer accounts.

A low number of cyber security professionals in the country compounds the struggles by financial institutions to secure customer savings and ensure confidentiality of data.

A recent report showed that the gap in cyber security skills is at an all-time high, with an estimated 1, 800 professionals serving 47 million people.

In August this year, hackers gained access into the database of Nyeri-based Biashara Sacco and sent text messages to 2,000 members to withdraw their funds, saying it would be shut down, causing wide-spread panic among the more than 120, 000 members.