Kenya Cyber Security Report 2015
Telecommunications
sophistication will continue to grow as the industry
automates and innovates.
6
Telecommunication service providers in
Kenya are a prime target for cyber
Hospitality
criminals. As the country’s reliance on
technology continues to growth with all
organisations (banks, government etc)
relying on internet connectivity from telcos. Cyber
Due to Kenya’s positioning as a top
9
tourism and business destination. The
country attracts hundreds of thousands of
criminals are targeting these organisations because of
global visitors every year. To ensure they
three main reasons: the control and operate critical
infrastructure in the country; they store large amount of
can cater for the global visitor, most of the
organisations have invested in the use of
sensitive customer information, and they facilitate mobile
technology to efficiently collect, process and store huge
money services in the country.
amounts of customer and payment data. Most of these
organisations have not invested in information security
Insurance
practices which makes it one of the most vulnerable
sectors in the country.
7
Like other sectors, the insurance sector in
Kenya struggling with process automation
Professional Services
and implementation of new technologies
like cloud, mobile and big data. Most of
the risk in the sector is attributed to
malicious insiders who access systems to make
unauthorized changes to key financial/customer systems,
transfer money illegally and steal customer/brokerage
files. As the sector continues to introduce new internet
related channels the level of cyber risk is also growing.
10
Majority of consulting and professional
services firms (strategy, marketing, law
and audit firms) in Kenya have not
implemented cyber security measures
similar to the mitigation strategies put in
place by the corporate clients they work with.
Consider that most of these firms hold lots of sensitive
corporate information. Cyber criminals are targeting these
Retail
firms to get access to marketing plans, financial
documents, litigation documents and strategy documents.
8
Historically, Criminal activity targeting
There are cases where internal employees are leaking
Kenyan retailers was mainly manual and
information to external parties. As long as cyber criminals
involved shoplifting and other physical
think they can easily get access to a corporate clients
theft of merchandise. The recent
critical information from a professional services firm. They
automation and innovation had led to
will target these organisations instead of going directly to
new cases of fraud involving systems. This includes credit
the corporate clients network.
card fraud targeting retail customers, malicious
manipulation of data in retail/loyalty systems, and
unauthorized payments. There is no doubt these level of
18