Kenya vulnerable to cyber attacks
Yesterday, I shared what makes Kenya and South Africa more attractive to cyber criminals than other African countries. Industry experts say Kenya is a sitting duck for cyber attacks, with defence capabilities that are years behind other African countries and not enough talented people willing join its cyber defence team. Some of the reasons researchers have noted are poor pay, tribalism and under investments.Kenya, just like many other African countries rely with expatriates from the west to manage their cyber defence capabilities. There were more than 4,000 organisations significantly hacked in 2016 largely due to lack of talented people willing to join Kenya’s cyber defence teams.Kenya has been in the sights of global cyber-attackers in recent months, with some estimating more than 4,000 organisations have had their data stolenThe President office, 13 commercial banks, two media houses and three tele operators are just a few of the high-profile entities to have fallen victim to attack. Many of the incidents have been claimed by the hacking groups based outside Africa. But experts in the region I sought their views argue Kenya’s cyber problems run much deeper.One of them said it begins with personnel. So everybody needs talented people and government needs talented people so the shortage is serious,” she said.”And they cannot hire enough talented people and monitor communications inside companies so that’s really serious actually.” We have different intelligence agencies in the Kenyan government that operate within National Intelligence Services (NIS) but we are not listening, we are not tapping internet communications at all inside Kenya. So that’s our problem.Any legal mining of data must be accompanied by a court order and only NIS can sidestep such a requirement because it is powerful and well funded.Within organisations, you can’t tell what your staff are doing, she lamented.
She said the Swahili language was a barrier to overseas experts working there and careers in cyber-security may not be attractive to young people.”Security is not a good business for young, talented people, so they want to go to markets for making profits, but security doesn’t make any profits, so they don’t want to work for a security business.”Another expert who works with an international bank thinks Kenya has fallen behind in cooperating with other countries and sharing information.”Where Kenya has lagged has been in what you might call the institutionalisation of cooperative strategies, both within Kenya between the government and private corporations, but also between Kenya and other countries. “Kenya has been much slower to develop those collaborative mechanisms and they’re absolutely essential to make sure that countries like Kenya and leading companies operating outside Kenya like banks, retail companies among others can defend against the more sophisticated cyber threats.”The third view came from a researcher who told me that information-sharing issue harks back to the Kenyan constitution, which was drawn-up after post election violence in 2007 and 2008. It stipulates that Kenyan intelligence agencies are not allowed to tap any communications inside Kenya unless it is authorised by high court.This has helped hackers to mask their physical location and while other countries often need further information from Kenya.”We don’t have a Kenyan version of GCHQ in the United Kingdom or NSA in United States. He said changing Kenya’s constitution to address the problem will not be easily achieved. “This is a sensitive political problem especially with the opposition and civil society groups who see the current regime of Uhuru Kenya as oppressive and retrogressive in its policy implementation.