As we near the end of 2017, we will be reflecting on a number of issues that came up in the year of our Lord 2017. And today we start with online space and cyber security. During connected Kenya summit at the coastal town of Diani back in April, I came to learn about Cyber Security Report 2016 by Serianu. There was a session dedicated to Cyber security and the report was discussed at length. The following are some the stats from report that remained stuck in my head:
- Due to increasing level adoption of financial technology across Africa banks are the leading target for cybercrime. And African countries lost at least $2 billion in cyberattacks in 2016. That is not small money by any stretch, in Kenyan settings that would be Ksh.200 Billion.
- Out of the above, Kenya lost about $175million (Over Ksh.17.5 Billion). Again, banks were the main victims, though other sectors like Government, mobile money, Saccos, Microfinance were also affected.
The most worrying part about the report is that most of the attacks were carried out by the bank insiders. It sounded at the time that banks went ahead to prepare for the external threats but forgot the most dangerous threat posed by the insiders. At the end, it is hard to know whether they are better off now. Banks are secretive about these things, making it hard for people to objectively analyze the situation. And I hope one day there will be a law compelling all to disclose some of these issues at the end of each year.
Based on the fact that affected companies do not want to talk about the threats or losses, it is hard to tell what happened in 2017 and we will wait for security research firms like Sarianu to tell us.
But there were a number high profile cyber issues that came up in the course of the year. We start with a sad case where a 16-year-old boy was reported to have committed suicide in Nairobi after playing online game that encourages one to take his/her life. The boy who was in form two at the time, took his life after playing Blue Whale Challenge. The game has 50 challenges, where at the end the player is encouraged to commit suicide. Kenyan Government through Kenya Film and Classification Board (KFCB) banned the game, a step which had been taken by other countries across the world.
On the same month of May, Brenda Maone Waru committed suicide with cyber bullying being mentioned as one of the reasons why she took the drastic action. She was a member of a Facebook group called “Buyer Beware-Kenya(ORIGINAL)”, where she was allegedly bullied by some members of that group after posting about defilement of her three year old daughter
Then came the election period and the question of whether iebc was hacked during August 2017 elections will remain unanswered for a while. This is a topic that very few cyber experts want to talk about publicly, due to the nature of our politics. NASA up to date maintained that iebc was hacked, while iebc and Jubilee say otherwise. No professional want to be caught on a crossfire between those two forces. So at this point we will leave it there but we may revisit the matter sometime in future once people have cooled down.
The other big one was when money was stolen from I&M bank and used to buy bitcoins. According to KenyaWallStreet.com, mid last month, three peer-to peer bitcoin traders were charged with conspiracy to commit a felony at the Milimani. The three, Emma Kariuki, Stanle Mumo and Timothy Gachehe were suspected to have stolen Ksh.10.2 Million from I&M bank and Safaricom Paybill no 517822. The case will be heard on January 2018 and many observers will be watching it closely.
Not everything was gloom and doom in 2017. In June, the Government Gazetted the computer and cybercrimes bill. The bill is expected to provide a framework to deal with a number of cyber related crimes such as illegal access, data and system interference, child pornography and others. According to ifree.co.ke, the bill is also aimed at improving investigations into cybercrimes by making provisions for procedural law tools and securing electronic evidence for effective national and international cooperation.
And finally in September AON Kenya, launched Cyber Enterprise Solutions to enable businesses to protect themselves against cyber criminals, data loss and the potential ramifications of a cyber-incident. According to Aon Kenya Chief Executive Officer Sammy Muthui , the policy provides comprehensive cyber risk cover, including cover for property damage arising out of a network security breach; products liability to address Internet of Things exposures; business interruption and extra expense coverage arising out of systems failure; contingent network business interruption for IT vendors and the supply chain; cyber terrorism coverage; privacy/security liability and event expense coverage; and media liability and technology errors and omissions by endorsement.