Kenya needs more cyber security experts – analyst

Expert says the country’s demand stands at between 40,000 and 50,000

In Summary
  • According to Sote Hub director David Ogega, the country’s cyber security experts demand stands at between 40,000 and 50,000.

- “And yet we have less than 2,000 experts,” Ogega said.

Kenyan businesses, corporations and individuals have become victims of expensive ransomware payouts.
CYBER SECURITY: Kenyan businesses, corporations and individuals have become victims of expensive ransomware payouts.
Image: FILE

Kenya is suffering from a deficit of cyber security expertise and this should be quickly addressed, experts have warned.

According to Sote Hub director David Ogega, the country’s cyber security experts' demand stands at between 40,000 and 50,000.

“And yet we have less than 2,000 experts,” Ogega said.

Speaking on Friday during the cyber security awareness launch in Mombasa, Ogega said these are the opportunities that young people in the country should take advantage of.

The launch was part of a series of events that will culminate in the Blue Economy Summit 2023, set to be held between October 27 and November 3.

The series of week-long events provide platforms for innovators, the business community, the government and private sector to celebrate innovative ideas and innovations at the Coast.

The Blue Economy Summit was first held last year with more than 200 guests, including the Slovakian ambassador to Kenya.

This year’s three-pronged themes will include the intersection between cyber security, the circular economy and the blue economy.

Ogega said the summit, organised in partnership with the Communication Authority of Kenya and SlovakAid, will also involve county governments of Kilifi, Taita Taveta, Mombasa and Kwale.

“We will be able to come up with ideas on how to ensure Kenya is safe in terms of cyber security,” Ogega said.

Two weeks ago, Kenya was allegedly hit hard by hackers with most government services through platforms such as e-citizen and even private firms like the giant telco,  Safaricom, falling victim to a massive cyber-attack.

ICT and Digital Economy CS Eliud Owalo said no data was accessed or stolen during the attack and that the state is looking at a long-term solution to future attacks.

He said all that the hackers did was slow down the eCitizen website by putting in unusual requests.

"We are ensuring that around this digitalisation space, we will build an elaborate risk mitigation framework for purposes of sustainable digitalisation," he noted.

On Friday, Ogega said: “How can Kenya be prepared and ready to counter the aspects of cyber security? If you remember, in 2021, Kenya lost close to Sh21 billion because of cyber-attacks.”

Ogega said at the moment, it is difficult to assess Kenya’s preparedness in countering cyber-attacks, saying most of the official government websites sometimes lack tools as basic as Secure Sockets Layer (SSL).

An SSL is a security protocol that creates an encrypted link between a web server and a web browser.

Companies and organisations need to add SSL certificates to their websites to secure online transactions and keep customer information private and secure.

“I think there is still room for improvement,” Ogega said.

He said Kenya’s economy is today largely digitised, being a leader in the region in terms of having digital platforms.

“I am very glad that the government is putting most of its services on e-citizen. What that means is that we need really to have a new way of securing our data," the Sote Hub director said.

"I would not say we are 100 per cent. There are a lot of gaps but we also have a lot of opportunities to be better."

Mukhtar Salim, the chief technology officer at Innovus Group, said there is a need for youth in the country to protect their data more.

He said in the era of advanced technology and interconnected networks, the threats posed by cyber-criminals have become more sophisticated than ever before.

Salim said as organisations and individuals rely heavily on digital platforms for communication, financial transactions, and sensitive data storage, it has become crucial to address the growing concerns of social engineering and cyber security forensics.

He said social engineering attacks can have severe consequences for individuals and organisations alike.

“The unauthorised disclosure of sensitive data can lead to identity theft, financial loss, reputational damage, and even legal repercussions," he said.

“Moreover, social engineering attacks can serve as a gateway for further cybercrimes, enabling hackers to infiltrate networks, launch malware attacks, or compromise critical infrastructure.” 

He advised youth not to click on links from anonymous sources whenever online, to enable encryption and to ensure they have 2-factor authentication for their online activities.

“Never share information online anyhow. Share as little as you can. It’s best for your security and your safety,” Salim advised.

Innovus Group training specialist Salwa Salim said ladies are most vulnerable to social engineering and identity theft due to their love for social media.

“We share lots of stuff on social media. We share lots of photos and information that can lead to social engineering,” she said.

For instance, she noted, ladies like sharing their achievements and things like certificates of major things they accomplish.

“Those certificates could have certificate numbers, date of birth, and names. That person is going to use all that information to create a fake account about you," Salim said.

“You may post a photo that has your credit card on the background and which clearly exposes your credit card number. Such can easily be stolen and used to transact."

She said most of the people using social media tend to ignore such risks and encouraged more women to venture into the cyber security field, which she said is vast.

WATCH: The latest videos from the Star