Roundup: Kenya steps up cyber monitoring amid lethal virus

Kenya on Tuesday reassured the public that the government computer systems and networks are secure following the emergence of a lethal ransomware virus that is spreading at an alarming speed and wrecking havoc to computer users globally.

The Ministry of ICT Cabinet Secretary Joe Mucheru said the government was keenly following developments on the encryption malware which effectively disabled over 200,000 computers running the Windows operating system in over 150 countries.

"We have heightened our cyber monitoring and surveillance mechanisms to prevent and eliminate any remote possibility of attack," Mucheru said a forum in Nairobi.

He was speaking at the Cyber-Security & Banking Forum organized by Citibank and the ICT Authority, where he challenged the financial services sector to improve information sharing and reporting on cyber-security breaches.

Mucheru added that this would also aid in quantifying the exposure and resilience of organizations both in public and private sector to cyber security incidents.

"Breach notification eliminates the clandestine attempts by hackers to attack systems and enables synergized efforts towards the prevention of the criminal activity as well as their prosecution," Mucheru said.

Ransomware is a type of malicious software that infects a computer and restricts users' access to the computer until a ransom has been paid.

Once a computer has been infected with the virus, it tries to infect other computers within the network and denies users access to information until they pay ransom. The Authority has warned the public against temptations to yield to those demands.

Michael Mutiga, Managing Director, Corporate and Investment Banking at Citibank said that the creation of a shared industry reporting structure was the next phase in the evolution of Cyber-security awareness in Kenya.

"Breach notification is an important factor in the entire process of cyber-risk management. We have seen other markets develop mechanisms to share this data, within set parameters for the benefit or the industry and overall economy," Mutiga said.

Citibank's Lead Information Security Officer for Middle East and Africa Edward Kiptoo said collaboration is taking place on an international level- attacking a global threat through combining the capabilities of companies and banks across the world.

"The information Sharing and Analysis Centers (ISACs) for instance, share information not only internationally, but also across sectors, Kiptoo said.

To stay safe, Kenya has advised computer users to observe a number of precautions including ensuring they have an up-to-date back up of their files offline to ensure the information can be easily restored in the event of an attack.

Mucheru pointed out that although the financial services sector relied heavily on various financial technology to link to each other and the larger economy, it was yet come up to par in terms of cyber-risk preparedness.

"With more than 75.3 percent of Kenyan citizens included in the formal financial services in the country, one would logically expect a corresponding increase in cyber security investments in the industry, statistics indicate this is not the case currently," Mucheru said.

The Kenya Cyber Security Report 2016 by Serianu indicate that about 44 percent of financial institutions run on a cyber-security budget of a paltry 1 U.S. dollars to 1,000 dollars annually, whilst another 33 percent of financial institutions in Kenya have zero spending on all matters cyber security.

The report says that a whopping 175 million dollars has been pilfered from Kenya's economy by savvy cybercriminals.

"We must ensure that our aspirations for innovation in the various sectors of the economy are matched with prudent security risk management especially in the Fintech services area," Mucheru said. Endit