Today, cybersecurity issues are becoming a daily struggle for most businesses. Recent trends, the adverse effects of the global pandemic, and numerous cybersecurity statistics reveal a massive proliferation of breached data from different sources, including mobile and Internet of Things (IoT) devices.
In Kenya, for instance, cybercrime has significantly increased over the past few years due to the rapid digitization of the financial sector and increased online payment options. Hackers have become quick to leverage the opportunities offered by the Internet, especially the growth of e-commerce platforms and online banking.
Cybercriminals are now targeting government institution networks to steal personal information in bulk and sell it to the highest bidder.
While technology adoption is unstoppable, and the country is continuing to invest more in ICT infrastructure, Kenya needs a robust environment that allows the industry to grow without the constant cyber threats.
Cybersecurity does not only involve the protection of systems and technology but also extends to the all-around protection of users, their intangible values, physical security, and ensuring non-disruption of their daily critical activities. It is for this reason that KICTANet, in collaboration with Trust4Cyber Flagship Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, prepared “A study paper on human-centered cybersecurity: Kenyan Fintech sector.”
The study maps out the cybersecurity landscape in Kenya and focuses on the financial sector. It also advocates for a human-centric approach to cybersecurity.
In addition, the report presents the Kenyan country context in terms of legislation and stakeholders involved in the financial sector. It notes the increased access, use, and adoption of ICTs in the country, which have been facilitated by the digital payments in the country, and whose value continues to grow as e-commerce becomes mainstream.
The focus on the financial sector is due to the enormous role it plays and the increased uptake of digital payments in Kenya and a simultaneous increase in cyber threats.
Kenya’s fintech sector has expanded exponentially over the last few years. Most banks today have adopted technology to enhance the banking sector and its services, focusing on digitization of businesses, banking and fintech, data governance, and future developments in the ICT sector, among others.
However, this has increased the surface area for attacks and made the financial sector more prone to risks. The increased frequency of attacks is attributed to the lack of security policies and procedures for remote working and a general lack of cybersecurity awareness among users.
The finance sector (banking, Micro Finance Institutions, and Saccos) notes fraud as the biggest threat. The threats affect the ATM infrastructure, mobile banking infrastructure, debit and credit card systems, and third parties and vendors. They also suffer from sabotage and ransomware compromising their identity management systems (Active Directory).
The emerging threats in Kenya are organized crime, exporting cybercriminals to the East African region, cybercriminals moving from the financial sector to other areas, social media related scams, API integration weaknesses, ATM attacks, third party attacks, cloud penetrated attacks, crypto mining on local systems, and ransomware and end-user system hijacking.
The manufacturing, insurance, healthcare sectors, and government also face fraud in their payment systems, storage or document management systems, and identity management systems. Email systems also face phishing threats.
For this reason, stakeholders need to design policy, legal and regulatory interventions to tackle cybercrime. By drastically decreasing the chances of a breach, organizations can be better protected from the enormous financial and productivity losses, as well as downtime, that a cyber-attack can cause.
Therefore, the government and the international development partners should promote a human-centered and multistakeholder approach in the implementation of cybersecurity strategies.
Moreover, the private sector should invest resources in hiring and retention of skilled personnel, knowledge, and capacity building. The sector out to upgrade infrastructure, tools, and software, as well as cybersecurity strategies to enable organizations in the financial sector to detect, deter and respond to cyber threats.
Civil society, on its part, can develop cyber hygiene programs and messages targeted at the public.
Get the latest copy of our study paper through this link for more information and recommendations on what these sectors can do to increase ICT uptake in Kenya’s financial sector while minimizing cyberattacks.