Staff involvement is key in managing digital security
Deployment of technology provides us with numerous benefits, both social and economic. However, the digitisation of many sectors of the economy brings with it a number of challenges and risks to our society.
The use of technology has created a situation where information on identity, assets/properties, financial transactions, medical history, employment, security, plans and strategies among others is now available in digital platforms. The fact that this information can be altered and even shared without the authority of the owner makes it very worrying for all of us.
The fact that fraudsters can empty bank accounts, attempt to alter ownership assets such as motor vehicles, alter grades in institutions of learning, alter tax records among many other things is equally scaring.
For businesses the challenge is even greater since the criminals have demonstrated capacity to bring down entire business systems with ease and for prolonged periods. The threats enumerated above among others explain the timely nature of the summit. This is the reason experts drawn across the globe recently converged in Nairobi for a summit on Africa Cyber Defence themed The African cyber security landscape – challenges and opportunities.
The summit was the largest cyber security gathering in the region hosting over 750 senior Information Communication Technology and cyber security experts including ministers, governors, commissioners, Chief Information Officers, and Chief Information Security Officers to address the current and future cyber security needs of the region.
The participants emphasized the need for global collaboration and harmonization of the regulations (policy and laws) and sharing of information since cyberspace has no boundaries. Cyber security mitigation, they said, is a borderless war that needs a coordinated effort.
However, the main task is for Africa to develop home-grown skills and cyber security products and stop over reliance on external/imported products. What also came out is that Africa should be bold enough to allow digital transformation. Though cyber security is a global concern, Africa currently hosts some of the fastest growing economies in the world and the entire continent is set for a huge economic transformation.
The conviction is that cyber security breaches and attacks have the potential to slow down Africa’s economic development, hence the need to collaborate immediately to address and counter the cyber-attacks with the right people, process and technologies is critical for the region. We live in a society which may be considered as technology dependent where provision of critical services is now reliant on technology. One may rightly observe that a significant failure in technology may render an institution helpless if appropriate disaster recovery capacity is not in place.
A report released by Serianu (an information technology services and business consulting firm) earlier this year dubbed “Africa Cyber Security Report 2017”, indicates that 90 percent of Africa’s business are operating below par as far as cyber security is concerned. The report further observes that in 2017 alone, Africa as a whole lost more than $3.5 billion (Sh350 billion) in cyber-attacks, a 75 per cent increase from the 2016.
From these statistics, it is clear that cyber-crime attacks are on upward trend. This is an indication that our concerted efforts are required to reverse this trend and enhance the security of information and resources entrusted to us. To address these issues I believe it is important for institutions to involve staff in managing the security of their digital environment. Staff must be sensitized on their role in ensuring the institution remains secure.
It was also the suggestion of the participants that creation of awareness and building capacity in Africa ought to be done through a common front. This is an investment that should not be overlooked. Institutions should also invest in continuous modernization of their technologies both hardware and software. To lag behind in this aspect exposes them further. The level of investment in systems security should reflect the importance of this matter. Capacity of security professionals should be continually enhanced.
Furthermore, close collaboration with other agencies is an important element. This ensures that investment in this area is shared including research on emerging threats. A dedicated cyber security formation to spearhead security of government institutions should be an option for consideration given the need to optimise the use of resources in cyber security for the governments.
We are clear in our minds that technology will continue to play a significant part in the social and economic development of our continent and her people. Kenya Revenue Authority is committed at curbing cyber-crime to secure efficient facilitation of Domestic Resource Mobilization as a key element in the country’s transformation agenda.
Mr Githii Mburu is the Kenya Revenue Authority’s Commissioner for Intelligence and Strategic Operations