East Africa: Enhancing Cybersecurity Intelligence for a Secure Digital Ecosystem

24 September 2019

When it is globally appreciated that there is a shortage for trained cybersecurity professionals, Kenya only has about 1600 trained cybersecurity experts against a potential 51.1 M users of the net, as reported by the Communications Authority of Kenya.

I speak to Ron Green, the Executive Vice President of MasterCard and the Chief Security Officer Globally, who while visiting Kenya is hard hit by the reality of the need for cybersecurity experts. He refers to this as a global phenomenal.

His major concern is that anyone and everyone is prone to cyber attacks at any time in their lives, regardless of age and occupation just as long as they can access the internet. He is convinced that going forward, more efforts must be deliberately put into cybersecurity trainings to grow the number of experts in that space thus enhancing security online.

Cybersecurity

Ron defines cyber as the manner in which people interact with the internet and how they do digital transactions using technology to achieve certain aspects of life. He notes that cybersecurity is the art of ensuring that all that is done in the cyber space go without any malicious attacks of any form of threat to do so.

"In a physical analogy, protection against cyber-attacks or simply cybersecurity is the wall that protects against the loss of digital currency and any other digital assets, so ideally, 'what is mine stays mine," says Ron Green.

Closely tied to cybersecurity is vulnerability, threat and attack in the cyberspace.

Ron describes a vulnerability as a weakness for an attack or an opportunity that someone can actually access data without consent also a loophole that would facilitate for such. He calls an attack the advantage of the loophole or heeding the opportunity of a vulnerability whereas he says a threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general.

Threat intelligence

Due to the numerous cyber threats, threat intelligence is a vital element of life on the net as inputs the global cybersecurity lead at MasterCard.

He says; "Threat intelligence taking note of what vulnerabilities actors target and the capabilities and how active the threat actors are and what they like to do. Providing a mitigation against that in a more informed and decisive and accurate method is threat intelligence.

To acquire threat intelligence, Ron opines that one requires reliable sources of threat information to make a determination. Access to prior reports and incidences where a gang broke into the window in order to steal information. An analysis of such patterns helps mitigate against future attacks.

"When an attempted or actual attack is seen in different companies, analysis will point out towards the vulnerability or reason of attack and offer protection against it," adds Ron. Adding "So as an individual or organization, attack history helps one protect against vulnerability by securing the loopholes from which the likelihood of an attack would arise owing the history of other attacks on organisations and or individuals."

Forms of Cyber attacks

The most popular or most impacting forms of attacks include cash-out schemes.

"These are highly choreographed, global fraud schemes, in which crooks hack a bank or payment card processor and use cloned cards at cash machines to fraudulently withdraw money," says Ron apparently frustrated at the mention of the attack. Adding; "It typically shows the ingenuity of global collaboration across a huge spectrum of people in order to have it succeed."

He further notes that such attacks take fraudsters a lot of coordination across the globe requiring a level of trust to get monies out of the machines.

Other than that, he also enlists an attack he calls interesting; the structured malware that he points as a cause of havoc and destruction of property. He says that not all attackers want to fraud, some are driven by malicious reasons to just destroy information.

"So as security experts we should not just think of fraudsters as a major focus but also think about malicious structured malware that could cause massive problems." Ron Green

He adds that there are a myriad cyberattacks and that people should practice cyber-discipline to avoid attacks as it is easier to prevent than mitigate cyberattacks.

Secure your customers

Ron tells me that MasterCard implements a number of measures to ensure customer safety.

He says; "As a part of the Payment Card Industry (PCI) Council that comes up with a standard set of compliance for the usage of payment cards, MasterCard develops the standards for operation that seals any potential vulnerabilities to our customers and their customers regarding card payment card transactions."

MasterCard helps customers analyze or look for opportunities of maturity guards with their third party vendors, that are a vital part of the overall company's ecosystem.

He gives an example of HPLC vendors that albeit do not deal with data, get access to company data and networks. If compromised and because they have access company networks, may not compromise you directly but through the channels. So as much as you're protecting yourself, also ensure that the others who plug into you also protect themselves because they get to compromise your security if not well protected.

"You can spend all the money in the world to protect your company but if you have to rely on another entity for a service or product the you've got to secure such as well or else your company protection is as good as dead." Ron Green.

Self-protection

Ron endorses that 80% of security talks today is about how one secures themselves on the net. Some of the major internet safety practice include using different passwords for different sites accessed online.

Credential stuffing that is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts has been used frequently to gain unauthorized access into personal information, what has brought so much havoc as Ron says.

"If you use a similar username password for your email and say FB account and for any other accounts say for online banking, then that credential can be stolen and the attackers can try match it to access your other accounts. More often they get access and succeed in credential stuffing." Ron Green

He urges people to be very careful how to use passwords and not to repeat one password in order to avoid such attacks.

In his parting shot, he informs me that he is looking forward to work with people from all walks to help grow cybersecurity expertise globally and encouraged students to heed cybersecurity space appreciating it like a career opportunity.

e Executive Vice President of MasterCard and the Chief Security Officer. In his day to day practice, Ron oversees cybersecurity across the globe albeit as a MasterCard employee.

See What Everyone is Watching

More From: CIO

Don't Miss

AllAfrica publishes around 700 reports a day from more than 140 news organizations and over 500 other institutions and individuals, representing a diversity of positions on every topic. We publish news and views ranging from vigorous opponents of governments to government publications and spokespersons. Publishers named above each report are responsible for their own content, which AllAfrica does not have the legal right to edit or correct.

Articles and commentaries that identify allAfrica.com as the publisher are produced or commissioned by AllAfrica. To address comments or complaints, please Contact us.