NDEMO: Why we should worry about cyber security

The Internet has become very important in our daily lives that we sometimes wonder how the human race survived without it.

Most importantly, it is transforming economies. Most people have become dependent on the Internet in virtually all of their communications.

However, the more we leverage on Internet for economic activities, the more vulnerable we become. Criminals are stealing our data and using the same to stealthily pilfer client accounts in banks and other online institutions.

There is an emerging hidden data economy, a market place for stolen digital information. Data is what drives the digital economy.

The commercial market for personal data is booming, with large databases of subscriber information driving up the enormous valuations of those companies that own it, even though many have yet to turn a profit.

As the commercial value of personal data grows, cybercriminals have long since built an economy selling stolen data to anybody with a computer browser and the means to pay.

A May 2015 report from Intel Security Group’s Labs reveals a thriving market for stolen credit and debit card data, stealth bank transfer services, login credentials for: bank account, online payment service, premium-content-service, enterprise network, hospitality loyalty account, and online auction account.

There is reason for Kenya to be worried about the emerging security threats and urgently address capacity, regulatory and aisory gaps.

We built the networks that link us to the outside world and engendered the aent of mobile money. We are on the verge of becoming a cashless society.

The number of electronic transactions increase by the day as banks expand their customer base, government through Huduma Centres is vast moving online, e-commerce is on the rise and every supermarket is gathering customer data under the guise of customer loyalty programmes.

We have effectively established the motivation for cyber criminals to target Kenya. Even more complex is the emerging trend by some software companies that are paying hackers to steal data from users and demanding ransom for the stolen data.

In technical terms, this software is referred to as Ransomware, which prevents or limits users from accessing their system. It forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems.

While these developments are counterproductive to economic enhancement, there is greater good in becoming part of the global new economy. We cannot retreat to old methods of trade.

Rather, we must confront modernity and build sufficient human resource capacity, enhance local and global collaborations as a strategy to reduce cyber threats, develop cyber security aisory services for both the public and private sector, and continuously identify and analyse threats into and out of the country.

Regulatory institutions have an obligation to ensure development of minimum cyber security standards and compliance of the same. Just like the requirement by the Payment Card Industry to subscribe to the Payment Card Industry Data Security Standard (PCI DSS) and maintain a secure environment, we must extend this requirement to all other payment methods.

In addition, it should be mandatory for organisations processing, storing and transmitting valuable information to work with legitimate cyber security providers to provide a secure environment to client data.

Since cyber-attacks on the mobile platform are on the rise, the communications regulator should require that every handset is secured. After all, most of the mobile cyber security software is free.

In essence, the regulator shall be implementing Kenya’s 2013 Cyber Security strategy by providing the leadership and facilitating the country’s growth, safety, and prosperity.

Our presence online will continue to expand as we attempt to increase convenience and efficiencies in service delivery.

The personal and professional lives of Kenyans have gone digital. In effect, we work, live, and play in cyberspace. Industry too is steeped into these modern conveniences.

We use the Internet, computers, and mobile devices everyday to text, e-mail, talk, and link with family and friends through social media.

We do business online on a daily basis, from banking to accessing government services. Digital platforms have made it possible for us to work from anywhere. We must at all times fight cyber threats at all costs.

The importance and value of data cannot be underestimated and data loss is a real risk for organisations, especially as the value of data grows. Thieves get more sophisticated, and internal actors make mistakes affecting data or intentionally steal information.

After interviewing information technology and security professionals around the world to better understand aspects of data exfiltration, Intel Security has concluded that a combination of security tools, response plans, awareness training and education will make organizations more defensible and less likely to suffer from data loss.

The writer is an associate professor at University of Nairobi’s Business School.