By Christine Muchira
CyberSecurity experts have highlighted the need for insurance and banking services sector in the country to enhance the pace of deployment of secure Information Communication Technology (ICT) practices in their organizations.
According to ICT security company, ESET East Africa, the recent spike in cases of cyber attacks and breaches in the financial services sector is attributable to the slow pace of implementation of ICT security protocols.
Speaking at the quarterly CIO East Africa industry breakfast, Alistair Freeeman, Chief Executive Officer, ESET East Africa, said there still exists a huge gap between the speed banks and insurance companies are deploying technology solutions and the rate at which they are adapting these solutions onto secure frameworks.
“We have seen businesses move from using single static device environments and onto multi-layered devices and even cloud technology platforms. This means that we should be pushing for a synchronized security environment where aspects of security are shared at all levels of business“, said Freeman.
The Central Bank of Kenya (CBK) is said to have since taken positive steps in addressing the attendant security risks in the sector. Recently it ordered a full ICT Security system audit for all banks and insurance operators.
Njaramba Kanani, the Information Security Officer at Chase Bank, said the baseline survey is meant to give a glimpse of the state of affairs in the sector towards addressing the attendant Cybersecurity risks facing the sector.
“The fact is that we will be definitely be attacked, of importance however is what we do after or how far the attackers can go in case of a breach. In this regard the new CBK rules have given the sector even more reason to invest in security matters“, he said.
At the forum, it emerged that over 30, 000 unique cyber attacks and attempts are recorded in the financial services space in Africa annually. Even so, it was said that many insititutions do not fully understand the security challenges that come with their constantly upgraded and integrated technologies such as mobile and remote service delivery models.
According to Freeman as companies invest in and integrate more ICT systems onto their processes there is an inadvertent increase in their risk profiles. These he said should be tested and re-tested regularly to wipe out loopholes.
“Even with the highest level of security investment, the human element remains the weakest link within organizations especially where the Bring Your Own Device (BYOD) culture sustains. Noting that mobile malware is among the biggest emerging threat in cybersecurity today, a weak user proficiency policy among staff on ICT security matters is a major threat to any ICT security efforts“ he explained.
Currently over 20 million Kenyans access the internet through mobile devices, many of who use the same single device for personal, business and official work purposes.
Freeman said that education and awareness on cybersecurity risks is the only way towards acheiving ICT Security maturity among staff and if the industry is to turn the tide in the fight against cybercrime.