- Two weeks ago, there was an intercepted hack on Kenya’s commercial banks inter-bank transfer platform PesaLink.
- Luckily, the authorities said neither cash nor customer data were lost.
- The Kenya Bankers Association (KBA), which owns the platform reported the attack to Central Bank of Kenya (CBK).
The risk posed by cybercrime is rising by the day with company boards now placing it high on their agendas. A number of attacks that occurred in the past make it the next most serious threat to business.
What is emerging is that companies are struggling to turn general awareness and concern into effective action in the face of pacy uptake of technology in transactions.
A report by the Institute of Chartered Accountants in England and Wales (ICAEW) has given updates on previous years’ insights and offers recommendations for companies’ boards – on why cybersecurity should be high on their to do lists.
It recommends cybersecurity training to staff - as criminals are now targeting workers to provide unauthorised access to data.
Accidental loss of confidential company information is as a result of workers’ actions such as clicking on infected links.
“Until businesses get better at linking cyberrisks with business objectives, and attaching real consequences to non-compliance with expected behaviours, cybersecurity training and campaigns are unlikely to have the desired impact,” ICAEW report said.
The UK-based accountancy and finance body report said while training and awareness - raising activities are important, they are only part of the wider picture.
Leading businesses recognise that good cybersecurity behaviour is a matter of organisational culture, meaning that security is integral to the values and goals of the organisation with strong leadership at the heart of this cyber security culture.
It said a good culture is reflected in responsibility for an ownership of cyberrisks. This should be spread across an organisation and not limited to IT or specialist functions.
On May 12, a worldwide cyber offensive targeted a number of organisations and around 19 companies in Kenya were affected, according to the Kenya’s national Computer Incident Response Team (CIRT) report.
A ransomware note, written in different languages, demanded $300 (Sh30,900) to $600 (Sh61,800) from the victims to decrypt their files.
Infection cases were detected in multiple countries worldwide, including the UK, where several medical institutions were hit, Russia, where governmental offices were affected, Spain, Germany and China.