Why Kenya needs to adopt a cyber resilience strategy right away


Kenya is enjoying a tech boom, which is clearly aiding the growth of its economy. However, with digital maturity comes increased risk, and industries often don’t realise that as they digitally transform, cyber threats become more prevalent.

According to the African Cyber Security Report 2016, Kenya is the biggest cyber-crime victim in East Africa, with the country losing $175 million to cybercriminals last year. To address this, the Central Bank of Kenya (CBK) has issued an ultimatum to banks, to present strategies aimed at mitigating cyber risk and creating a more secure cyberspace, by 30 November 2017.

Meanwhile, recent uncertainty around the elections has put cybersecurity strategies on the back-burner.

But while businesses ignore the impending threats, hackers continue to exploit vulnerabilities. In fact, Kenya’s commercial banks recently experienced a cyberattack on their inter-bank transfer platform, PesaLink. Luckily the attempt was intercepted and stopped, saving both cash and customer data, but the attack on the platform could have resulted in the loss of millions. PesaLink currently moves an average of Sh50 million daily.

The fact is that cyber threats are becoming more prevalent and email attacks are on the rise. More than 90% of cyberattacks start in email and while email itself is seldom the end goal for the attackers, over 70% of these attacks lead to other systems in the network. These email attacks predominantly feature techniques such as spear-phishing, ransomware and impersonation of key employees.

Advanced security has become more important than ever and even more specifically a cyber resilience strategy has become essential. This means that organisations should not only combat attacks but ensure continuity during an attack and fast recovery after a threat is neutralised. That’s why Mimecast not only offers security but multi-purpose data archiving and business continuity.

A cyber resilience strategy would have also come in handy when PesaLink experienced a two-week outage, locking customers out of the service, during what the lender attributed to an ongoing upgrade of its software. This resulted in 12 million customers not being able to transfer cash using the platform. The hacking discovery was made during the outage.

Cyber threats and attacks make the news every other day in Kenya, so awareness is building, but strategies need to be ramped up. Organisations must realise that waiting for election instability to settle down is not an option. Cyber strategies need to be put into place now, incorporating both staff education and improved cyber resilience measures. The key message to land in Kenya is that while you delay, hackers will not. It’s time for Kenyan businesses to realise that it’s no longer a matter of if they’re likely to be targeted, but when.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

3 Tips for Expanding your Organization’s Advanced Security Strategy

With a leadership team in place and a s…

With a leadership team in place and a set of known and like… Read More >

Margot Carmichael Lester

by Margot Carmichael Lester

Mimecast Contributing Writer

Posted Sep 05, 2017

Transforming your Organization into a Cyber Resilience Team

Educating your entire organization on ad…

Educating your entire organization on advanced security.&nbs… Read More >

Margot Carmichael Lester

by Margot Carmichael Lester

Mimecast Contributing Writer

Posted Aug 07, 2017

Email Protection Tips: Training, Technology, Good Sense

Email Security Requires a Multi-Front Ap…

Email Security Requires a Multi-Front Approach “It was a da… Read More >

Taylor Sisk

by Taylor Sisk

Mimecast Contributing Writer

Posted Jul 11, 2017