NAIROBI, KENYA: The increasing use of cyberspace and digital applications in the country and globally should be a strong enough reason to encourage individuals, investors and governments to make cybersecurity a top priority.

As one might expect, effective infrastructural cybersecurity measures are important if a successful approach will be implemented to tame the constantly evolving threat. 

In this context, it is important to emphasise that this is where enterprise security comes into practice. Simply put, enterprise security involves understanding, where and how information and data is managed both within and outside the enterprise boundary.

Secondly, it encompasses how information technology supports safe business practices, the security processes and control framework, in the context of the business including how facilities and access control support the logical security model.

In fact, enterprise security focuses on providing a risk-based approach to define priorities and identify exposure to potentially malicious activities. It is potentially similar to a management process used to effectively manage security risks, both proactively and reactively, across an enterprise.

Arguably, enterprise security risk management continuously assesses the full scope of security-related risks to an organisation and within the enterprise’s complete portfolio of assets.

The management process quantifies threats, establishes mitigation plans, identifies risk acceptance practices, manages incidents, and guides risk owners in developing remedial efforts.

Admittedly, hundreds of millions of cyberattacks take place every year in Africa, especially in South Africa, Nigeria and Kenya who pay a very heavy price.

Kenya was ranked 69th most vulnerable country in the Global Threat Index out of 127 nations, last year. The country is estimated to have lost about Sh20 billion as a result of cybercrime but surprisingly 96 percent of companies in Kenya spent less than Sh515,000 (US$5,000) in cybersecurity.

Kenya pays the highest toll across Africa. According to a widely accepted estimate, cybercrime costs the world economy about Sh51.5 trillion (US$500 billion), more than the Gross Domestic Product of South Africa at Sh36.1 trillion (US$350.6 billion) and slightly less than that of Nigeria at Sh53.7 trillion (US$521.8 billion), the continent's largest economy.

The number of countries who have adopted cyber legislation is increasing fast, but over 30 countries, most of them in Africa and Oceania, still have no specific legislation of this kind. In Kenya, the enactment of the Kenya Computer and Cybercrimes Bill 2017 will play an important role in establishing standards, maintaining order, resolving disputes, and protecting liberties and rights.

Beyond legislation, the digital evolution is today absorbing the impact of a rather different and wider ranging breach of cybersecurity, and the potentially vast implications for the current cybercrimes’ currency of choice, bitcoin.

As a matter of fact, there are numerous cases of ransomware attacks in Kenya that go unreported. This is because we are not required by law to declare in case of a breach. There is at least one breach daily that happens but most are contained without causing irreparable damage.

There is no simple way. Institutions need to invest in Cyber Security and look at it as a strategic investment as opposed to an expense to the institution.

An African ISP, offering solutions over satellite, fibre optic and wireless networks such as iWayAfrica –– can assist corporates to have multiple layers of well configured signature-based security in place.

In the event of a breach, institutions should focus mainly on mitigation of data loss and damage and providing information to law enforcement. One way of solving this challenge is by having a plan of action that includes identifying where the breach came from, assessing what damage it made and how to prevent future breaches from happening.

It is also important to bear in mind that there are a number of proactive steps that organisations may take in order to mitigate the risk of a cyber-attack before it happens. Arguments, criticisms and debates are central but the common saying in Cyber Security is; “It is not about if you will be attacked, but when!”

Irrespective of the position taken in particular, organisations should carry out a comprehensive assessment of their existing processes and procedures, identifying what needs to be protected and assessing the specific risks and potential impacts on the business. 

It is equally very important for firms to be informed about threats and current trends. Intelligence is a valuable asset when it comes to Cyber Security. Furthermore, awareness of commonly exploited vulnerabilities and threats goes a long way in fortifying the security of an institution.

In the space of cyber security, there are a couple of companies that offer Cyber Threat Intelligence Services, incidence response, vulnerability and compromise assessments, capability assessments, Hunt Mission Training as well as Cyber Threat Diagnostics.  

Throughout generations, the key external motivations for cyber-attacks are; systems sabotage and exploitation of systems weakness, business rivalry systems exploitation for illegal competitive strategy insights, and systems attack due to ideological differences.

The issues and investments surrounding Cyber Security deserve increased planning and attention.

It is therefore no doubt that security reliability of information connected over distributed networks offering convenience to stakeholders is vital, not only in the private sector, but also in the public sector.

The writer is the Managing Director at iWayAfrica Kenya