Sealing new loopholes in war against cyberattacks

In 2017, Kenya’s digital economy lost Sh21.1 billion to cybercrime. FILE PHOTO | NMG 

As this year comes to an end, more companies and government agencies are thinking of proactive mechanisms of mitigating cybercrime, a menace that has caused enormous economic harm to Kenya.

As they prepare for 2020, most firms are aware that the biggest cyberattacks are orchestrated during the last three months of the year, when people’s minds are occupied by holiday trips and making merry, according to research.

Traditional cybersecurity measures are increasingly being rendered ineffective in an era where cyber attackers have devised new and more dangerous online weaponry to pilfer critical data and money. This has pushed cybersecurity experts to strive to design systems that stay ahead of the criminal elements.

The year has witnessed advances in Artificial Intelligence (AI) and Machine Learning (ML) by global experts who deploy real-time data and analytics to build stronger firewalls in an evidence-based ecosystem.

During the CIO 100 Symposium event held at Lake Naivasha Resort recently, cyber threat intelligence was identified as the best approach for organisations to gain evidence-based knowledge about threats and build effective defenses to mitigate the risks that could damage their reputation or bring them to their knees.


“Intelligence in cyber security involves staying a step ahead of cyber attackers, scouting for malicious leads and analysing them to better secure your data,” said Mr Niall MacLeod, Director of Solutions Architecture in Europe, Middle East and Africa at global threat intelligence leader Anomali.

Just like police intelligence, cyber threat intelligence monitors potential sources of security breaches, evaluates and analyses them, and advises IT security departments on the best actions. This process requires more data science skills, as ML is the key driver for accurate analysis that reduces false positives.

“We normalise disparate sources and enrich them with additional threat context. This helps us give threat analysts decision advantage and improve situational awareness,” he said.

He added that the company is working with commercial banks in East Africa and key government agencies — the major targets for cybercrime — to help thwart attacks before they happen.

The nature of attacks is changing, and most Kenyan corporates seem to be lagging behind these dynamics, as SMEs and Saccos keep committing small budgets for cybersecurity and end up losing more.

Organisations need pre-emptive measures to ensure 99.99 percent uptime and to recover fast enough once an attack lands on their networks.

Many organisations have ditched traditional data storage methods and moved to the cloud. However, while they back up their data offline, other virtual machines gain access to their confidential information.

These attacks come as snares in the form of file hashes, Internet Protocol links, zip files, executable files and applications. Spear phishing, botnets, malware, ransomware, Distributed Denial of Service (DDoS) and Advanced Persistent Threat (APT) make the cyber security space complex for many corporates.

However, with threat intelligence, these attacks are gathered, automated, investigated and shared among experts to maintain full control of private and classified information.

With the use of honeypot technology, companies can benefit from real-time monitoring and forensic analysis of security threats happening around them. A honeypot is a network-attached decoy system that aims to lure cyber attackers in order to detect, deflect or study their hacking attempts.

Mr MacLeod demonstrated how new software, Anomali Lens, allows anyone, from security operations staff to board members, to automatically and immediately know if their organisations are being attacked, who the adversaries are, and if the attacks have been successful.

“With these key security questions answered, users can make effective decisions about how to respond. With one click, Anomali Lens scans web-based content, detects and highlights all threats identified within, provides easy-to-understand details about the threats and tells users if any threats are already present in their networks,” he said. “It scans web content that includes news, blogs, research, bulletins, SIEM logs, other security logs, IR reports, Twitter and other social networks. Automated threat bulletins created by Anomali Lens are added to Anomali ThreatStream.”

These can then be shared across organisations and trusted circles. Bulletins can also be directly integrated into security controls for immediate blocking, detection and mitigation.

Anomali Lens is supported by advanced natural language processing (NLP) and context-aware detection and is currently deployed as a browser plugin.

Kenya, cybersecurity experts say, is usually used as a testing ground by cyber criminals who want to assess the cyber resilience strength of Africa before launching devastating attacks in other countries. “Cyber attackers are usually motivated by money and critical information that powers espionage of secret government plans, especially now when geopolitical wars between the East and West are rife,” said Mr MacLeod.

In 2017, Kenya’s digital economy lost Sh21.1 billion to cybercrime, which increased by 39.8 percent in 2018 to Sh29.5 billion, according to pan-African cyber-security and business consultancy Serianu. Millions of shillings have been invested in cyber security infrastructure.