Three years ago Internet connectivity was a major concern in Kenya, until the undersea optical fiber cable linking the country to the world was installed. This connectivity has enabled business to collaborate with overseas partners among other benefits, though the super highway has brought yet another problem - Cyber security. This has shifted the priority of the Kenyan government to create awareness and secure virtual systems operating in the internet ecosystem.
Speaking during the 1st Annual East Africa ATMs, Cards and Mobile Banking Security Summit, held at Laico Regency Hotel in Nairobi, the Permanent Secretary Ministry of Information and Communication, Dr Bitange Ndemo noted that every operation in the country will soon rely on ICT and therefore the government is taking measures to protect cyber attacks by having response groups formed like the Kenya Computer Incidence Response Team (KE-CIRT) under the Communication Commission of Kenya (CCK).
The two day conference organized by Cyber Sec Africa, an ICT solution provider, brings together players in the ATMs, Cards and Mobile Banking Markets from developed and emerging markets to exchange insights on fraud, especially in the current state of the world when financial flows are growing rapidly and in an increasing disintermediated form.
"This is a critical period to discuss cyber security, after overcoming the connectivity challenge in the country. In as much as the super highways are beneficial to Kenyans, they pose a major challenge in terms of cyber security", echoes Dr Bitange Ndemo. The government sees cyber security as a concern especially when every innovation in different sectors of the country's economy seems to originate from an ICT.
Dr Ndemo says the government has commissioned a study; Public Key Infrastructure (PKI) to enhance electronic commerce in the country. The PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority. This legal framework will govern ecommerce platforms against cyber crime and offer data protection. Businessmen will be able to verify who they are dealing with in the virtual networks.
The Central Bank of Kenya is also working with the government on PCI DSS security standards that should govern every business that exists virtually in the country. Part of these new standards will ensure that every business organization will have its security system periodically audited and upgraded. This master plan will be launched in April 2012.
Dr Ndemo said credit card usage grew marginally to 117,835 from 111,383 as at June 2010, with the value of transactions increasing by 26.40 per cent to KSh555.2 billion. He says entities that store transmit or process credit cardholders data are required to be compliant with PCI DSS standard, the global benchmark for security, but most have yet to adapt. PCI Data Security Standards will provide an actionable framework for developing a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents.
According to a report released by PriceWaterHouseCoopers (PwC) last week, Kenya is among several countries ranked high in terms of fraud in the world, though cyber attacks are minimal because most of the country's records are not digitized says Dr Ndemo. He pointed that 40% of cyber problems emerge from internal employees of an organization. Companies need to educate their employees on measures of protecting company information and instilling a sense of discipline in terms of information security.