Shortage of local experts hampers cybercrime fight as threat grows

Guests during the launch of the 2016 Africa Cyber Security Report, which showed that Kenyan firms lost Sh17.5 billion to cybercrime. PHOTO | SALATON NJAU

What you need to know:

  • Kenya has been listed number 11 among the most vulnerable countries to cybercrime.
  • Internet security firm Kaspersky Lab, in a survey released this week, ranked Kenya as cyber criminal’s top target in Africa.
  • The Cisco report shows that the gap in cyber security professionals grew by three per cent from 22 per cent in 2015 to 25 per cent in 2016.

Kenya has over the past five years pursued an expansive digitisation plan in a bid to improve service delivery in both private and public sectors. This has led to the establishment of such facilities like the world-celebrated Huduma centres that have significantly cut the time and money spent on accessing public services.

However, the growth in digitisation has not been met with a corresponding growth in the number of security experts even as associated threats and the cost continue to rise.

The lack of trained personnel poses the greatest risk in dealing with cyber security threats affecting banks, telecommunication companies and government organisations, showed the 2017 Cisco Annual Cyber Security report recently released.

IT Security company ESET country manager, Teddy Njoroge put the number of cyber security experts in Kenya at less than 1,000, terming the situation as “inadequate and impractical”.

“Kenya has been listed number 11 among the most vulnerable countries to cybercrime. This is due to the advancements realised by embracing technology. There is an added worry on how government, businesses and individual are curbing the cybercrime menace in Kenya,” he said.

“ If we were to allocate at least every 1,000 Kenyans a specialist, we need to have 40,000 cyber security experts.”
Internet security firm Kaspersky Lab, in a survey released this week, ranked Kenya as cyber criminal’s top target in Africa affecting enterprises across networks in a range of business sectors. Kaspersky indicates that the attacks are orchestrated on a large scale.

Over the past few years, faced with the increasing threat by hackers, organisations, especially in the private sector, have increased their cyber security budget, investing in software to detect malware.

But in an environment where cybercriminals burn the midnight oil trying to find ways to bypass such software, and often succeed, the lack of trained staff currently poses the greatest risk. The Cisco report shows that the gap in cyber security professionals grew by three per cent from 22 per cent in 2015 to 25 per cent in 2016.

Without enough cyber security experts, companies are always prone to external and internal attacks that the survey says lead to revenue losses amounting to millions of dollars.

About 29 per cent of companies that faced attacks last year experienced loss of revenue, 23 per cent lost an opportunity while 22 per cent lost customers.

Companies that have put security infrastructure in place lack the ability to launch investigations.

Last year, the study says, about 93 per cent of companies got security alerts, but only 56 per cent of the cases were investigated (where 28 per cent were found to be legitimate) while 44 per cent of the incidents were ignored.

“The fact that nearly half of alerts go uninvestigated should raise concern. What is in the group of alerts that is not being remediated: Are they low-level threats that might merely spread spam, or could they result in a ransomware attack or cripple a network? To investigate and understand a greater slice of the threat landscape, organisations need to rely on automation as well as properly integrated solutions.” the report says.

Security professionals are forced to skip the investigation of alerts because they lack the talent, tools, or automated solutions to determine which are critical and why they are occurring.

Demands

“The information on the attacks may be there, but there is no context, without which a company cannot respond adequately. There is a growing need for companies to have cyber security experts to note or counter these attacks.

Kenya has digitised most of its services and it is necessary for companies and the government to grow professionals to investigate breaches whenever they occur,” Terry Greer-King Cisco director for security in UK, Ireland and Africa told the Digital Business.

“The threats are growing in complexity and many organisations may go for days without realising that they have been breached.” The world is currently in need of two million security experts against the current supply of less than 10,000. Mr Greer said that companies need to align their operations to suit the current cyber security demands and establish a unit, completely detached from the normal IT department, to solely to deal with these attacks.

This is particularly vital considering that the Kaspersky survey discovered a series of untraceable attacks that used legitimate software hide in the computer memory where they are undetectable rather than dropping malware files onto the hard drive.

The approach helps to avoid detection by whitelisting technologies, and leaves forensic investigators with almost no artefacts or malware samples to work with. The attackers stay around just long enough to gather information before their traces are wiped from the system on the first reboot.

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.

Get it First!

Stay up to date on the editors' picks of the week.

Latest

  1. Five firms fail to block release of Sh145m goods from Mombasa port

  2. glovo

    Glovo dominates food and grocery delivery platforms

  3. Castor oil craze: Is this the elixir of beauty and health?

In the headlines

View All