COUNTRY FOCUS
COUNTRY FOCUS
cybersecurity professionals serving a
populace of about 37.5m Kenyans
online. This means that organisations
barely have enough professionals to
secure Africa’s largest single mobile
digital market.”
Cybersecurity must become
a priority
According to Internet World Stats report,
in March 2017, Kenya had 37,718,650
Internet users, contributing to 10% of
Africa’s total Internet users and coming
second only to Nigeria, with 93,591,174.
Despite the large number of Kenyan’s
using the Internet, Njoroge describes
the lack of awareness regarding
cybersecurity as “alarming”.
Kenyan enterprises do not currently
see cybersecurity as a priority; a 2016
research report by Serianu found that
96% of organisations surveyed spent
less than $5,000 on cybersecurity
related products and services.
The growing threat
of cybercrime
Brian Pinnock, Cyber Resilience expert,
Mimecast, says Kenyan enterprises
are lagging in their efforts to increase
security provisions: “One of the most
critical challenges facing Kenyan
enterprises is the lack of cyber risk
awareness among employees and
clients who use technology. This opens a
backdoor into many organisations cyber
defences that attackers can exploit.”
For this month’s country focus, Intelligent CIO
talks to security industry experts about what
makes Kenya vulnerable to cyberattacks and the
preventative steps organisations can take
to protect themselves.
T
he recent global ransomware
cyberattack, WannaCry, has
brought security to the forefront
of discussions and although Africa was
largely spared, the Communication
Authority of Kenya has confirmed that
19 Kenyan firms were hit by the virus.
Cyberattacks in Kenya are unfortunately
not a novelty; a report by Deloitte
38
INTELLIGENTCIO
revealed that Kenya lost an estimated
$171 million to cybercrime in 2016
and the company predicted cybercrime
incidences were due to rise in 2017.
The report assigned the country’s
vulnerability to below average ICT
infrastructure, increased Wi-Fi networks,
integration of company systems and the
use of mobile devices for private and
business purposes.
Teddy Njoroge, Country Manager ESET
East Africa, says that although Kenya
can’t be categorically assigned as the
most vulnerable to cyberattacks in East
Africa, it has been hit the hardest in the
last two years and suffered the largest
loss compared to Tanzania (about
$85m) and Uganda ($35m). He says: “It
is important to realise that Kenya houses
the largest mobile money transfer
www.intelligentcio.com
market in the world. Moreover, there is
a marked increase in the digitisation
of legacy businesses in Kenya, compared
to other East African countries. This
is in part due to the growth of mobile
money in the region and the increase
in IT technical skills within the nation
as well. This makes it a prime target for
cybercriminals. A daunting statistic is
that in Kenya, there are about 1,500
www.intelligentcio.com
Research conducted by Serianu, titled
‘2016 Kenya Cyber Security Survey’
found that 93% of respondents
are concerned by cybercrime and
a staggering 71% of respondents
have suffered from a cyberattack in
the last five years. The survey covered
a vast array of sectors, including
government, healthcare, banking,
telecommunications and financial
services and respondents consisted of
professionals in technical roles – CIOs,
chief security officers and IT managers
– and non-technical roles – senior
executives and board members.
The survey identified an unwillingness
to report cybercrimes as a gap in
A daunting
statistic is that
in Kenya, there
are about 1,500
cybersecurity
professionals
serving a
populace of
about 37.5m
Kenyans online.
This means that
organisations
barely have
enough
professionals to
secure Africa’s
largest single
mobile digital
market.
cybersecurity in Kenya; reporting your
organisations vulnerabilities could result
in lost custom from those who are
reluctant to do business with companies
whose cybersecurity policies aren’t up to
scratch. Both a consequence and cause
of this is immature cybersecurity bills
and laws.
Proactive steps to tighten policies have
seen the Computer and Cybercrimes
Bill, 2016, drawn up. The bill, aiming to
be fully approved by the end of 2017, is
designed to target money laundering,
phishing, cyber-stalking, online fraud and
illegal access, amongst other things. It
will focus on improving investigations
into cybercrimes by outlining offences
and investigation procedures as well as
imposing hefty penalties for those found
INTELLIGENTCIO
39