Kenya Cyber Security Report 2015
Cyber Security Perspective from the
Professional Services Sector
David Kabeberi | Managing Director, PKF Consulting
W
ith the recent uptake of
but through their weakest links, their
fiber connectivity in Kenya,
employees. In fact, over the years, threats
broadband and internet
focused on businesses have shifted from
access has become readily available
vulnerabilities in corporate software
to the everyday citizen. General Cyber
and moved to target the user of these
Security threats (like malware attacks,
systems. The logic being, hacking the
social engineering scams and financial
person is easier than hacking these
fraud, etc.) have increased. Based on our
reinforced systems.
extensive experience in the local market,
a large majority of companies often adopt
the wrong attitude of ‘this won’t happen
to me’’ (referring to IT security risk).
These companies are more focused on
market share growth rather than taking
proactive measures to mitigate security
risks. However, this is a dangerous
viewpoint to take. No company – no
Often users lack the adequate training
and awareness to be able to defend
themselves against these social
engineering attacks. Once attacked, users
often unwittingly share confidential
information that compromises them and
in some instances even the companies
they represent. According to Kaspersky
“consumer” security solutions not
designed for your business needs and
focusing on simple, reliable, practical
solutions that are easy to use and offer
good value.
We believe security awareness and
gaining visibility of your security posture
is key and business owners should
continuously keep informed on emerging
cyber security risks and steps that should
be taken to avoid them, and share this
knowledge with their peers.
Security Network (KSN) statistics for
Focusing on the basics should therefore
April-June 2015 overall 14.7% of KSN
be a key message from industry and
SMEs can be victims to a wide range of
participants in Kenya faced web-borne
government bodies to local business and
cyber security threats, including phishing,
threats, and 39.7% faced local threats
more support should be provided to help
malware, online banking fraud, the
(Social Engineering, USB, flash drives,
them take tangible steps in this area.
threat of the Bring Your Own Device
local networks).
matter its size - is safe from cyber threats.
(BYOD), data corruption and data loss. It
PKF Consulting is doing its part by playing
While security can be resource intensive
an active role in the wider policy debate
in the initial stages, the return on
about how best to support businesses to
investment in safeguarding confidential
improve cyber security practices. Through
information and IP will more than make
expert risk assessment, advisory and
up for this. It is important to realize that
support provision for companies on cyber
having the right security processes in
security issues, raising awareness of cyber
place will help a company in the long-
risks and providing practical guidance on
Today cyber criminals are evolving
term and as a result can save a company
the steps that businesses can take.
and innovating new ways to target
losses both financial and reputational.
companies. They are targeting perceived
The caveat lies in avoiding cumbersome
vulnerable companies not directly
and expensive “corporate” security, or
is thus essential that SMEs put the right
Security policies and practices in place
from the start. This will not only help curb
cybercrime, but will also give companies
peace of mind that their data is protected
against attack.
11