Nairobi — Increased internet penetration and technological advancements in Kenya have been driving innovation and business growth, but the same innovations are also exposing the public to cybersecurity threats, according to a recent report.
Kenya is losing about 2 billion shillings ($22.8 million) annually due to cybercrime, according to the Kenya Cybersecurity Report 2014, prepared by Nairobi-based information technology firm Serianu Limited.
"Cyber-terrorists, spies, hackers and fraudsters are increasingly motivated to target our ICT [information communications technology] infrastructure due to the increasing value of information held within it, driven by our growing dependence on them and the perceived lower risk of detection and capture ... as compared to more traditional crime," William Makatiani, managing director of Serianu Limited, said in the report released June 11th.
Bank fraud is on the rise as cashless transactions, including internet banking, mobile money transfers, and credit card and check payments, continue to become more popular, the report said.
In 2013 alone, bank customers lost 1.49 billion shillings ($17 million) "through schemes hatched by employees", Makatiani told Sabahi. "[The bank employees] took advantage of the online and mobile banking platforms to temper with the web systems in their respective banks to siphon out the cash."
Another cybercrime on the rise involves hackers gaining access to businesses' private branch exchange (PBX) phone systems to make unauthorised calls, leaving the business owner liable for payment, the report said.
"The introduction and increasing popularity of internet telephony (Voice over IP - VoIP) services has led to the majority of PBX [systems] used by Kenyan organisations to have internet connectivity where traditionally they did not," the report says. "This has increased the number of attack vectors available to be exploited where they have not been secured."
VoIP hackers seek to obtain passwords and account registration details, enabling them to make calls, eavesdrop on conversations, disrupt phone calls and access sensitive information.
The report also found that there has been an increase in cases of cyber espionage.
"Cybercriminals either sponsored by states or individual organisations are using highly sophisticated and carefully constructed methods to gain access to a network and steal information quietly," the report says. "There is also the threat of competing organisations using cyber espionage attacks to gain information from their competitors."
New online services launched by the Kenyan government are also at risk, according to Makatiani, including the Integrated Financial Management Information System, the Kenya Revenue Authority's iTax system and the Kenya Trade Network Agency (KENTRADE).
Makatiani said that in 2013 the number of cyber threat attacks detected in Kenya grew by 108% to 5.4 million attacks compared to 2.6 million attacks detected in 2012.
"Kenya is a soft target for these attacks because 85% of all web applications in the country are unsecure and available for attacks," he said.
Public-private collaboration key to tame cybersecurity threats
Kris Senanu, chairman of industry lobby group Telecommunications Service Providers of Kenya (TESPOK), called for a stronger partnership between the government and the private sector in order to build an adequate response to the growing threats.
"The internet is becoming a critical pillar of our economy and social life, therefore we must work together to make it safe," he told Sabahi.
Senanu called for public and private institutions to commission a study on emerging cyber threats in order to develop the necessary security programmes to mitigate the risks.
He said corporate and government organisations should also integrate security solutions that protect their critical data when setting up their ICT infrastructure.
"We should also train more information security experts to be able to ensure that we have well-trained personnel that can help secure our ICT infrastructure as well as co-ordinate response to cybersecurity threats," he said.
For his part, Principal Secretary in the Ministry of Information, Communications and Technology Joseph Tiampati ole Musuni acknowledged the rise in cybercrimes and said the government was working to address these emerging threats.
"Cybercrime is killing innovation in the ICT [industry] and discouraging investments," he told Sabahi. "But going forward we are launching a National Cybersecurity Strategy that will act as a solution to these emerging crimes trends."
He said the strategy includes the formation of the Kenya Computer Incident Response Team Co-ordination Centre, which will offer advice both to government agencies and the public on cybersecurity matters and is expected to be operational by August 2014.