WITH rapid East African digitisation, every organisation in the region has become a target for cybercrime. Industrial espionage, denial-of-service (DoS) attacks, financial data theft are resulting in money loss and harm to reputation.
The importance of cyber security in Tanzania is increasing due to country's rapid development. More and more businesses and government institutions are conducting their activities online and, therefore, relying heavily on information technology.
Smooth business activity often depends on a smooth functioning of IT infrastructure: inoperative applications, such as financial systems, e-mail or any other kind of database failure may cause many problems, lead to financial loss or even disrupt the activities of an organisation.
Rise in mobile money transactions, increasing importance of data and IT infrastructure's availability also heighten security concerns. Available data shows fraud is raising its ugly head in Tanzania's banking industry, with techno-savvy criminals colluding with bank employees to siphon millions of shillings out of customers' accounts.
Police records show that between 2010 and the first quarter of 2013, cyber fraud-related losses in banks stood at around 9.8bn/- (6.10 million US Dollars).
The police cyber crime unit said between 2011 and 2012, at least 500 Tanzanians were arrested over fraud cases. Norway Registers Development East Africa limited (NRD EA) Chief Executive Officer, Mr Sebastian Marondo, a cyber crime expert says that organisations must start recognising the importance of cyber security for the critical infrastructure and assign cyber security risk management, a priority, similar to financial, safety, and operational risk management.
"Cybercrime is organised as a profitable business, meaning that cyber criminals are not only constantly growing their competence and improving their technological capacity but also considering specialising and cooperating. Therefore, organisations must also be prepared to defend themselves - to have processes, business continuity plans, technology and contracts with providers that can help to neutralise the consequences of an attack and ensure uninterruptable activity of an organisation," Mr Marondo explained.
He explained that cyber security is especially important to organisations if their performance is directly related to information technology operations like banks, energy institutions, telecommunication companies and airports. But not only them - in case of a cyber-attack, business as usual of any organisation that uses IT will be interrupted.
If the organisation is not prepared, the whole office will stop operating - all online transactions inside or outside of the organisation will stop taking place, confidential data will leak, and contracts, client information, ideas and plans will get stolen. Not only will this bring massive financial loss but also harm the reputation the organisation.
"This environment not only helps to unleash the potential of information technology and contributes to global progress, but is also very favourable for digital criminals, who, taking advantage of the weakest link, act globally. East Africa is not an exception. Therefore, being alone and defending oneself separately is no longer possible.
The question is not if cyberattack will happen. It is WHEN? And how ready will the organisation be to respond?" he voiced. According to the 2014 data breach investigations report, data security should matter to you, no matter what is your role in your organization.
Why? Because when you suffer a breach of any kind -- whether it's an attacker skimming customer credit card details, or an employee accidentally leaving a USB key full of blueprints in a taxi, the impact is company-wide. When word of a data breach gets out -- as it often does -- you may face fines and legal action.
Just as importantly, your customers and partners may lose faith in your ability to protect their interests, which can directly impact your reputation and your bottom line. And then there's the further expense of finding out what went wrong, and patching any holes in your defenses. "The costs of a data breach can be enormous.
And it's not just the remediation costs and potential fines; the damage to your reputation and loss of customer confidence could impact your success for years. Many companies never recover from a major data breach," the report reads in part.
According to the Tanzania Computer Emergency Response Team (TZ-CERT) website, it is imperative that leaders acknowledge and respond to the new and intensified threats of computer security flaws. In its cyber security trends for 2014 that it issued, it cited that following the well-publicised mass looting of data from Target Inc. in late 2013, most companies are devoting renewed energy to bolstering their cyber security measures.
The awareness that digital information is at risk extends across businesses of all sizes as well as to private citizens, who have become much less complacent over the past year.
A sense of urgency about digital security is fueled not just by the widespread occurrence of data theft by hackers, but also via the ongoing concern for privacy issues driven by disclosures of extensive National Security Agency (NSA) information gathering.
In response to these threats, companies are taking a variety of steps, and the digital security industry is seeing strong growth and innovation.
The trends include enhanced use of encryption, and more careful attention to the maintenance and proper configuration of existing encryption systems is one of the first lines of defense used to thwart would-be-attackers. Increased scrutiny of internal data use is another common response to Target's woes.
Behavioral analytic technologies allow firms to monitor users within the company as well as end users, remaining alert for suspicious behavior that accompanies theft or attack with malware.