Why Kenyans should take cyber security seriously 0 2174

  • Cybersecurity can contribute immensely to the creation of quality employment opportunities for Kenyan citizens.
  • Kenya is yet to embrace any effective data protection regulations and the consequences are pretty evident in the Kenyan digital economy.
  • With the increased terrorist activities within Kenya, the Internet presents national enemies such as the Al-Shabaab and other extremist groups with a unique and ubiquitous opportunities.
Kenyan cyber security

There is no simple way to say this. Cybercriminals are pilfering Kenyans blind. The latter statement has been evidenced by the statistics present in the recent Cybersecurity Report published by Serianu, which asserts that Kenya lost about $175million last year. Moreover, the Report managed to establish that cybercrime perpetrators are deliberately targeting the Kenyan digital economy with the intention of wreaking havoc and making away with millions.

In terms of cyber resilience, the Kenyan digital economy can be likened to a slow, plump gazelle stumbling through the “cyber-savannah” in the full view of agile, informed and hungry cyber-predators who have begun to sink their teeth into their sumptuous prize.

Another daunting revelation is that organisations which have suffered substantial data breaches (which include reputable banks, insurance companies and SMEs) have decided to remain mum, much to the detriment of their clientele whose actual data is exploited for monetary gain by cybercriminals.

Regardless of the increased cybercrime incidents within the region, the state of Kenya’s digital economy is indeed on the rise.

Thanks to the concerted efforts of the private and public sector in creating an enabling environment, statistics published by the Communication Authority of Kenya in the first quarter of the 2016-2017 financial year highlight that the internet penetration rate in Kenya is at a robust 85%, with over 37 million internet subscribers who exchange data over various internet-based platforms.

These glowing statistics indicate the notable confidence in the quality of service provided by various digital companies. The latter can be attributed to the numerous marketing campaigns designed to reinforce consumer trust in digital services, but can Kenyans really trust good PR routines when it comes to the safety of their data?

The internet penetration rate in Kenya is at a robust 85%, with over 37 million internet subscribers Click to Tweet

What is in it for Kenyans if they begin to take their cyber security more seriously?

1. Jobs, Jobs and more Jobs:

Unemployment is a major challenge that affects youth across Kenya. Approximately 800,000 young Kenyans enter the labour market every year and youth unemployment is estimated to be as high as 35%, compared to the overall national unemployment rate of 10%.

Furthermore, 80% of unemployed Kenyans are below 35 years old. Notably, However, 70 per cent of the employed lot are under paid hence unable to take care of day-to-day needs. Thus, it can be demonstrated that unemployment will remain a thorn in the flesh until quality jobs can be created to further the development of the Kenyan populace.

Cybersecurity can contribute immensely to the creation of quality employment opportunities for Kenyan citizens.

Per the Kenya Cybersecurity Report, published by Serianu in 2016, the current number of internet subscribers stands at 37,716,579 users who are in turn served by only about 1400 certified cybersecurity professionals (these professionals are categorised as individuals who have attained CISA, CISM, GIAC, SANS, CISSP, CEH, ISO 27001 and PCI DSS QA certification).

Teddy Kungu, Country Manager of ESET East Africa has been famously quoted for stating that each cyber security professional in Kenya serves a population of at least 280000 citizens.

Per a 2003 study carried out by Deloitte Touche Tohmatsu (DTT), it was recommended that ideally one information security professional should serve every 1000 general users.

Not only does it makes sense to fill the demand for cybersecurity specialists, it also makes a lot of cents.

Jobs in the field of cyber security are outpacing job creation in the IT industry and can pay up to $6,500 USD more annually, or almost 10% more, than the average salary of average IT workers.

While many job positions in cybersecurity will require additional certifications, such as the CISSP, it’s far from impossible to migrate into a security position from other IT focuses. For newcomers to the IT field, there is also room to start out on a cyber security career path beginning with an entry level role as a security analyst.

2. Tougher Protection Regulations will Protect Citizens

Kenya is yet to embrace any effective data protection regulations and the consequences are pretty evident in the Kenyan digital economy.

Institutions handling sensitive data, such as banks, insurance firms and hospitals have no legislative obligation to disclose any data breach incidents to their unsuspecting clients.

The latter has contributed significantly to the web of secrecy spun around the value and occurrence of cyber crime incidents within Kenya. Kenya needs to note that clandestine behaviour only favours cyber criminals who thrive in markets that suffer silently.

Notably, most cyber crime occurrences chiefly affect the constitutional rights of consumer protection and privacy, significantly injuring the citizens.

With the enforcement of the General Data Protection Regulations in Europe, which compel institutions to disclose data breaches which affect EU citizens and non-EU citizens alike within European data centres, cyber criminals may be forced to seek greener pastures to ply their trade.

Kenya is a prime target, with immense income potential but not much regulatory and technical might. Cyber crime will continue to escalate in our region if citizens remain indifferent and the Government continues to rest on its laurels when it comes to updating their policies regarding cyber security in Kenya.

3. Cyber-bulling among the Youth needs better safeguards

The dark nexus between education, young minds and inadequate safeguards against cyber aggression has led to truly tragic cases of cyber-bulling within the developed and developing world.

An apt definition of cyber-bulling was coined by the Centre for Justice and Crime Prevention in South Africa which stated that cyber bullying, cyber violence, cyber aggression, internet bullying, electronic bullying, internet harassment or online harassment are terms used to refer to violence and aggression perpetrated through ICTs.

These cruel acts may include the sending of harassing emails or instant messages, posting obscene, insulting and slanderous messages on online bulletin boards or social networking sites, or developing web pages to promote and disseminate defamatory content.

The impact of cyber-bulling is particularly significant among girls.

Per a Report regarding cyber-violence against women and girls, published by The United Nations Broadband Commission for Digital Development Working Group on Broadband and Gender, about 73% of women and girls are abused online.

Kenyans need to act against these occurrences as it is in their best interest to protect the dignity of their women and children whilst enjoying digital services.

4. Children Need to be protected from Radicalisation and the Internet

With the increased terrorist activities within Kenya, the Internet presents national enemies such as the Al-Shabaab and other extremist groups with a unique and ubiquitous opportunity to access the susceptible young minds of our children to plant their vindictive perceptions of society.

Dr. Quintan Wiktorowicz, an internationally acclaimed expert on national security engagement and counter-terrorism produced a radicalization process model which highlights the initial need for a cognitive opening.

For the process of radicalization to achieve success, there must be an avenue to connect with a person who is receptive to the possibility of new ideas and world views. He highlights that insofar as the nexus between digital connectivity and radicalism is concerned, impressionability is vulnerability.

Impressionability is vulnerability. Dr. Quintan Wiktorowicz Click to Tweet

It is thus vital that whenever digital devices are availed to children safeguards should effectively be put in place. This should be widely adopted by Kenyan families through parents and legal guardians whose societal duty is to preserve the morality of their children.

Ignorance Injures Kenya’s socio-economic development

In one of Mzee Jomo Kenyatta’s landmark speeches, he famously stated that there existed three enemies to the Statehood of Kenya; the first was poverty, the second : disease and lastly: the plight of ignorance.

The ignorance of the impact of cybercrime within Kenya has already cost the nation millions of dollars and it threatens to exploit the data footprint of past, present and future generations. Kenyans must recognize the incentives of standing up for their data security and accept their role as guardians of their own information.

In order to enjoy safer technology, we must understand that security begins with you and me.

Previous ArticleNext Article

Secure Videoconferencing: The Basics 0 860

Woman working at home on laptop

With COVID-19 concerns canceling face-to-face meetings, be aware of the security risks of videoconferencing and how to easily overcome them

As a way of controlling the spread of the COVID-19 pandemic, several countries have been forced to impose a lockdown on its citizens bringing normal operations to a near stand-still. Consequently, a considerable percentage of the working population has turned to remote working, a chunk of it for the first time.

This has spiked up the demand for video conferencing services, chat systems, and online collaboration tools to serve the increasing number of students, employees, and teachers, among other experts working from home.

By 11th March 2020, Kentik―a San Francisco network operator— had achieved a 200% increase in video traffic within the provided working hours in Asia and North America. Even before the start of the official lockdown in California.

In the same vein, the UK Prime Minister chaired a cabinet meeting via zoom, which communicated the government’s appeal for social distancing through the use of video conferencing. His actions, however, brought about several questions regarding the security of the communication.

But with a quick rejoinder, the UK’s National Cyber Security Centre pointed out that such communications shouldn’t cause any worries if they are below particular classifications. Accordingly, companies have developed confidence in the technology; therefore, are utilizing it to communicate with their remote workers.

Nevertheless, as an employee (or typical user), you need to understand the technology’s built-in security options, as well as control features before using it. Here we provide you with some primary considerations. Let’s dig in!

Your immediate surroundings

For you to realize a smooth and quality video conferencing experience, it is essential to cordon off your working space to prevent in kind of interruptions that might occur while in session; for instance, from your kids, better half, or even pets.

Besides, ensure that your working area is devoid of any sensitive or confidential information/material that can be captured by the camera.

Limit access

As you may be aware, a lot of video conferencing platforms allow the creation of multiple user groups to enable the providence of internet domain according to specific criteria; for instance, the use of company email address to join a video call.

Or offer access to a limited number of people whose email addresses have been invited or scheduled for a call.

As such, when creating a meeting, you can enable the set a meeting password option that creates a randomly generated code for your invitees to input before joining a conversation. Similarly, you can authenticate those using phones by the use of a numerical password. However, avoid embedding the password in the meeting link.

As an organizer, you can hold your participants in a “waiting room,” as you approve them one by one, which gives you full control over whom to allow or deny access. In case you have a large conference, you can delegate such duties to your trusted attendees.

File transfers and communication over the net

As a rule of thumb, always ensure that your end-to-end communication is encrypted. Do not assume that this option is the default for video calls since a few services may require you to request encryption.

If the third-party endpoint client software is permitted, ensure it abides by the requirements of the end-to-end encryption.

What’s more, consider limiting the types of documents you can send across the net; for instance, avoid transferring executable files.

Manage the attendees, as well as the engagement process

Often, your attendees will be distracted by notifications, pop-ups, and emails, among other things, when attending your conference calls. Therefore, as a host, you can request notification from your service provider if your conferencing client isn’t the primary or active window (depending on your platform). For instance, if you are a tutor, you can use this feature to get the attention of all your students.

You can also monitor those who joined the call by downloading the attendee list at the end of the call. Or request attendees to register before being connected.

Limit screen sharing capabilities

As the host, the sole responsibility of controlling screen sharing remains only yours, unless you delegate it to someone else that you trust. This eliminates any chances of an individual sharing content by mistake.

Importantly, only share the required application rather than the whole desktop when screen sharing. This is informed by the fact; even the name of a file or Icon can divulge sensitive company information.

Final thoughts

To ensure the security of your company communications, take time to consider all the available options security settings on your video conferencing system (or one you intend to use) settings. Importantly, take a look at the privacy policy of the service you intend to use to prevent the selling, sharing, collection, or re-use of your data.

In case you require more advice and endpoint client software for your video conferencing needs, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software.

Try our extended 90-day trial for free.

Coronavirus con artists continue to thrive 0 808

Man working on laptop

The scam machine shows no signs of slowing down, as fraudsters continue to dispense bogus health advice, peddle fake testing kits and issue malware-laced purchase orders

As the Coronavirus pandemic continues to escalate, more companies are now shifting to remote work as a way of containing the spread of the disease. Similarly, lockdowns and travel bans, among other stringent measures, have become the order of the day across several nations. And to worsen the situation, there is a massive shortage of the required medical kits.

Such a crisis provides fraudsters undue advantage over a vulnerable lot that is financially destabilized, as well as emotionally drained as a result of the pandemic. 

In this case, you would likely receive fake updates regarding the pandemic, as well as non-existent offers for personal protective equipment, among others. Likewise, if you’re a business, you would certainly receive faux purchase orders and payment information.

Fortunately, as a follow up to our previous article about the ways scammers are exploiting coronavirus fears, we provide you with a few examples of the new campaigns aimed at stealing your money or personal information. To enable you to keep your guard up. Shall we?

Fake news/information

As the virus continues to escalate, more people are currently searching for practical information on how they can protect themselves. As a result, scammers have conveniently positioned themselves as the true COVID-19 information “crusaders” by impersonating well-known health organizations, such as the World health organization.

Don’t act surprised if you receive an email (containing an attachment) supposedly coming from a reputable health organization offering you “vital information” on how you can protect yourself from the disease.

For instance, our research team identified one such file containing a Trojan designed to steal personal credentials.

Apart from the WHO, fraudsters are also impersonating the US Centers for Disease Control and Prevention (CDC). Accordingly, the FBI has given a warning about scummy emails mainly riddled with malware-infested attachments and links purporting to originate from the CDC.

 To reduce the number of people falling for such schemes, the WHO shares examples of its official email addresses and methods of communication on its website.

Urgent purchase orders and late payments

Owing to the increased pressure from governments to reduce the spread of the virus, Companies, as well as factories, have been forced to streamline their operations according to the current situation. As an example, companies to integrate work from home modules, while factories to either increase or reduce their production capacities depending on their products.

Such erratic changes have brought about a climate of uncertainty that offers fraudsters a thriving environment.

In this case, as a factory owner or executive, be on the lookout for “urgent purchase orders” from “company representatives.” Since this fake orders come from scammers who want to make a kill out of your desperation of making some revenue before things go south.

Sadly, if you download such “urgent orders” (usually in attachments), your PC will be installed with malicious code designed to steal your details.

Below is an excellent example of such an “urgent order”:

Similarly, you would receive a “proof of payment” for you to take care of the order. However, like the last example above, instead of receiving a bank statement, the attached document contains a Trojan injector.

High demand products

A massive increase in demand compounded with an inadequate supply for essential protective items, such face masks has created another avenue for scams.

A typical example of such a scam involves a fraudulent site that is offering “OxyBreath Pro” face masks at a reduced price. These can lure you since there is a shortage of masks, and what is available is highly-priced.

However, if you click on the provided links, you’ll be at risk of exposing your sensitive personal information to the scammers.

Bogus testing gear

The unavailability or short supply of medical kits for testing folks for the virus has also attracted fraudsters in droves.

For instance, the existent low supply of masks, respirators, and hand sanitizers, among other necessities, has prompted scammers to impersonate medical officials.  So that, they can provide non-existent or fake COVID-19 test kits, as well as illegitimate “corona cures.”

As an illustration, more than 2000, links associated with fake coronavirus products have already been identified. Similarly, law enforcement bureaus alongside other relevant bodies have been able to seize US$ 13 million worth of potentially hazardous pharmaceuticals.

To contain these despicable actions, the U.S. Food and Drug Administration (FDA) has issued warnings that it hasn’t allowed the sale or purchase of coronavirus self-testing kits; therefore, it is currently bursting such sellers.

Final thoughts

In a wrap, what we have shared is a representative of the many current fraudulent campaigns doing rounds in our media spaces due to the prevailing situation.

Thus, it is critical to maintaining high alertness to avoid falling victim to both the COVID-19 pandemic, as well as the ensuing scam epidemic escalating through the internet. To keep yourself safe from the scams, you can practice the following basics:

  1. Avoid downloading files or clicking on links from unknown sources
  2. Never fall for unrealistic offers or order goods from unverified suppliers. You may also make a point of checking out the purported vendor’s reviews
  3. Invest in an excellent endpoint solution which can shield you from phishing attacks, as well as other forms of scams
  4. If an email suggests coming from a reputable organization, double-check with the firm’s website to confirm its authenticity

If you require consultation, as well as endpoint solutions for your cybersecurity needs, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software.

Try our extended 90-day trial for free.