Financial institutions hurting from cybercriminals

The risk of cyberattack on financial services firms cannot be overstated.

Cyberattacks cost financial services firms more to address than firms in any other industry and according to cyber security consultancy Serianu, Kenyan companies lost over Sh21 billion in 2017 while in 2018, cyberattacks cost the Kenyan economy Sh29.5billion.

It should come as no surprise that the Kenyan banks are the most hit by the viral vice even as this year (2019) according to Microsoft, is expected to see more cybercriminals employing tactics like exploiting under-secured cloud apps and software features, as well as sophisticated social engineering through techniques like phishing.

Of the Sh29.5billlion lost to the economy through the vice, Sh18 billion was withdrawn from bank customers’ accounts, with the institutions having to refund the money, with about 90 per cent of cyber-attack incidents going unreported.

Financial institutions urged to adopt military-style tactics to fight cyber crime

 

It is against this backdrop that, Microsoft Tuesday reemphasised its ongoing commitment to providing a safer and more trusted platform to organisations and businesses in the region.

During a stakeholder event, the corporation highlighted its recently published Security Intelligence Report, which looks at emerging cybercrime trends over the past 12 months, revealing key findings not only into the global threat landscape but also locally.

The latest report is now placing the state of cybersecurity in Kenya in the spotlight once again. As such, a need exists for the developed world to aid in training experts in cybersecurity, and more co-operation should be initiated between developed and developing countries.

The report also estimates that Kenya only houses 1,700 skilled cybersecurity professionals, with 60 per cent of companies facing a shortage – alluding to a need for more education, exposure and adoption.

It is said that within Kenya, the financial sector is the hardest hit by cyberattacks – research has found that in late 2018, banks accounted for 18 percent of the attacks, while payment systems accounted for 10 percent of the attacks.

“As organisations continue to pursue a fully digitally transformed future, threats within the cyberspace will continue to become more advanced in not just the financial sector, but in many industries across the region.

This will leave individuals and organisations alike with no choice but to turn to the ever-improving capabilities that advanced technologies and solutions bring with it – and this is what encompassed our goal for this event. We are passionate about this and recognise the dire need to not only inform but also enable organisations in this regard” says Sebuh Haileleul, Country Manager for Microsoft in Kenya.

Microsoft recently published the 24^th and latest edition of its Security Intelligence Report. The report aims to delve into the cybersecurity events that took place over the past 12 months and includes an overview of the threat landscape, lessons learned from the field and recommended best practices – this was unpacked at the event.

The report identified four key trends that have risen to the forefront in the plight against cybersecurity and that look to remain prominent through the remainder of 2019“From our ongoing research, we found that in the past year ransomware attacks as a vector declined, software supply chains became a risk, cryptocurrency mining prevalent and that phishing still remains the preferred attack method,” says Sebuh Haileleul, Country General Manager for Microsoft, East Africa.

“While this may indicate progress in blocking ransomware attacks against organisations, it also draws our attention to new avenues now being identified for attacks – otherwise very easily ignored by organisations as a recognisable ‘pathway’ for penetration.”

Besides trends identified from the Security Intelligence Report – notable ongoing trends to look out for in 2019 and beyond were also unpacked.

“The use of AI to combat cybersecurity to fill crucial gaps by analysing a vast ocean of threat data to prevent attacks before they occur is a factor that organisations, through partnering with the correct solutions provider, remains pivotal.

Furthermore, the cloud is and still will be imperative to securing the modern workplace. Lastly, quantum computing, although still in its infancy will require threat analysts to keep an eye on what advances in quantum computing would mean for security in 2019 and beyond,” says Sebuh Haileleul at Microsoft

According to a report by the Communication Authority of Kenya covering the period October and December 2018, cybersecurity threats in Kenya increased by 167% to 10.2 million from 3.8 million threats detected in the previous quarter.

“While there will always be new threats, new attacks and new technologies, statistics like these should urge companies to take action immediately to address security concerns, improving their security postures. It is critical for companies to strengthen their core security hygiene (across things like monitoring, antivirus, patch and operating systems), adopt modern platforms and comprehensive identity, security and management solutions,” continues Haileleul.