Private corporations risk increased cyber attacks due to the high level of secrecy between one another which slows down the sharing of best practices in the case of an attack.
“If an attack occurs in a company today you will most likely not hear about it. This kind of secrecy hinders sharing of vital information further hindering the implementation of best practices,” Citibank Europe, Middle East and Africa lead business information security officer Edward Kiptoo said yesterday.
Speaking at a forum on cybersecurity attacks, Kiptoo said that the speed of cyber attacks was increasing rapidly and methods becoming more creative hence difficult to deal with.
He said most firms in the country needed to invest heavily in security systems as the ones currently in place had low detection rates with very few having the right systems in place to mitigate the risks.
The ICT survey report launched on April 26 shows that 43.4 per cent of public sector organisations reported having an ICT security policy compared to 35.9 per cent private enterprises.
In the report, only 28.2 per cent of private firms reported online crime with 96 per cent investing either nothing or less than $5,000 (Sh516,000 ) annually in building systems to combat cyber crimes.
This comes on the backdrop of the global cyber security threat known as Ransomware that has so far seen over 200,000 computers locked in more than 150 countries.
Through the computer malware, the attackers have been demanding $300 (Sh30,960 ) ransom to unlock devices payable in the global cryptocurrency known as bitcoin.
“Unfortunately I can report that there has been one case in Kenya as well. The government has been on high alert and is keen on following this development to ensure that it does not spread to many Kenyan firms,” Ministry of Information and Communications Technology CS Joe Mucheru said during the forum.
Mucheru said that cyber security reporting had to be industry driven as the ICT state department has no mandate to force firms to report online crimes adding that statistics were coming in slowly but not all private sector firms were willing to share information.
“Even if we put policies and laws in place, if people do not feel confident enough to come out and actually say there has been a crime here on cyber security, by law we can’t necessarily force you to report,” Mucheru said.
He urged all Kenyans to be extra vigilant especially organisations in the financial services sector who he said were particularly vulnerable due to their significant reliance on technology to link to each other, to financial markets, and to other sectors of the economy.