The massive attack affected health, government, industry, transportation, communications and financial institutions among others.

According to the reports, more than 200,000 systems worldwide were hit.

However, it appears that only one of every 1,000 victims paid the ransom to the attackers.

Two weeks ago, there was an intercepted hack on Kenya’s commercial banks inter-bank transfer platform PesaLink.

Luckily, the authorities said neither cash nor customer data were lost.

The Kenya Bankers Association (KBA), which owns the platform reported the attack to Central Bank of Kenya (CBK).

The hacking discovery came as Kenya Commercial Bank (KCB) customers remained out of the PesaLink service for a couple of days in what the lender attributed to an ongoing upgrade of its software. The accountant’s report has recommended behaviour change. ICAEW said there is need to encourage employees to change passwords often, stop inserting infected USB’s to company machines, and lock computers when they leave their desks.

An interesting bit in the report showed how some companies are testing their employees by sending them infected links to see how they will react.

Offering specific training to employees handling data (customer data and financial data) is highly encouraged.

“If companies cannot keep their goods and customers safe, their ability to trade successfully will ultimately be diminished,” said ICAEW.

“While a digital infrastructure underpins the activities of most businesses today, many organisations only consider cyberrisks as an afterthought,” said ICAEW.

Similarly, companies’ boards should consider hiring correct skills – boards should get basics of cyberright by getting the right IT skilled people on their teams. And on the organisational culture - if the board, and C-suite staff have an understanding of cybersecurity and take time to emphasise it, employees will also start to care.

Page 2 of 2