Financial institutions urged to adopt military-style tactics to fight cyber crime

Kenya’s Central Bank (CBK) Governor Dr. Patrick Njoroge has called on financial institutions including payment service providers to come up with inside threat programs akin to tactics used in the military forces if they are to fight the cybercrime menace.

“There has to be some sort of regular training programs in this regard, weather institutions’ staff are turning into key liabilities…therefore there is need to properly vet them on entry as well as awareness to mitigate the risk of cybercrimes,” he said Friday during the launch of this year’s annual KAA CHONJO initiative.

The initiative by Kenya Bankers Association (KBA) is a nationwide campaign aimed at promoting safe use of their online platforms by training Kenyans on ways of securing personal details when making transactions on their smartphones.

Cyber risk is any threat arising from a failure of an institution’s information technology   systems   resulting to financial loss, disruption of service, and or interference with business as usual or damage to the reputation of an institution.

KBA’s Chief executive Dr. Habil Olaka also called on the financial institutions to adopt internal capacity building programs, customer education programmes as well as innovative mechanisms to control the risk of cybercrime in the wake of evolving and ever advancing technologies that is constantly used by cyber criminals to spread their criminal acts.

“While there has been a noticeable decline in ATM fraud cases since 2014, we have noticed serious threats in mobile and online fraud tendencies that is providing a new challenge for the industry and therefore these mitigating strategies would go a long way in lessening such cases,” said Olaka.

The Central Bank of Kenya is also in the process of unveiling a guideline on cybersecurity for payments service providers, targeted towards safeguarding Kenya’s financial sector.

The guidelines’ purpose outline the minimum requirements that PSPs shall build upon in the development and  implementation  of  strategies,  policies,  procedures  and  related  activities  aimed  at  mitigating cyber risk.

The move will among other factors create a safer and more secure cyberspace ‘that underpins information  system  security priorities, to promote stability of the Kenyan payment system sub-sector, establish a coordinated approach to the prevention and combating of cybercrime, as well as up calling the identification and protection of critical information infrastructure.’

Over the year’s cyber threats has remained a global threat with many companies playing victim to the worrying trend. The threat exposes many companies even with the most reputable and stable security features, institutions and co-operative societies to the risk losing billions of shillings with the banking sector most targeted industry followed by government institutions.

In Kenya for instance, by Communications Authority of Kenya (CA) shows that nearly all cyber threats and attacks that were detected between July and September last year went unresolved with the authority’s first quarter report for 2018/19 showing that the National Cybersecurity Centre detected 3.82 million cyber threats, which was a jump from 3.46 million the institution reported between April and June of 2018.

In May 2018 the Kenyan government signed the Computer and Cyber Crime Act into law this despite an existing law, the Information Communication Act and the Penal Code and its regulations already criminalized several cybercrimes. It could have instead been amended according to analysts to, for instance, increase the penalties for certain crimes. Kenya is a polarized country especially during election times.