Kenya Cyber Security Report 2015
organisations. People are known to be the weakest link
in the security chain. The latest security technology
may protect core systems, but it cannot protect against
Our
employees giving away information on social networks or
Priorities in 2016
purposes. Organisations need to invest in security
using their own, less secure, mobile devices for business
awareness and training - that covers cyber security
1
Cyber security monitoring
and human based log
analysis is no longer an
option but a NECESSITY
The type of attacks local organisations
experienced in the past year clearly confirms that
practices in the office, such as protecting passwords, how
to deal with phishing and other social engineering attacks
and also how to enhance privacy settings on social media
sites.
3
traditional, signature-based security measures are
simply inadequate when it comes to stopping today’s
In our analysis of cyber intelligence,
cyber criminals. You can no longer rely on automated
solutions to protect your data. Cyber criminals are very
proficient at bypassing multiple automated defenses and
have many social engineering tricks in their arsenal to
leverage people’s habits to their advantage. Fortunately,
most attacks on your network leave behind indicators
that signal a problem. Organisations need to put in
cyber security monitoring processes to identify these
behaviours, and alert relevant personnel to resolve the
issues.
2
Every organisation must
develop Localized cyber
intelligence and research
we have noted an increase in the number
of Africa-based cyber criminals, especially from Nigeria,
Rwanda and Kenya. This is a clear indication that Africa
is increasingly becoming a source of cyber criminals
and tools. Most recently, we uncovered a cyber criminal
ring that was harvesting Facebook account information
from Kenyan users and some financial institutions and
leveraging this information for profit. Localized Cyber
intelligence and research is critical in understanding the
type of attacks that your peers are facing in the region.
There is a need for
MANDATORY Employee
Security Awareness and
Training
No matter how you look at it, people
continue to pose the greatest cyber security risk to
While many technology vendors will provide you with
cyber intelligence - our experience has been that this
intelligence is global in nature and does not put into
account any local intelligence. To be fully secure you
need to develop local cyber intelligence capabilities
that will enhance the visibility of the threats facing your
organisation.
9