Kenya Cyber Security Report 2015
Cyber Security Perspective from the
Manufacturing Sector
George Okwach | Head of Audit, Crown Paints Limited
T
here is surprisingly very little being done about cyber
with crime because
security in the manufacturing sector in the region.
monitoring tools even if
This lends from the notion that manufacturing’s core
they exist are not being
business is too far hidden from the interest of cyber criminals.
checked, users lack the
Manufacturing industry uses sophisticated software and other
know how of what to look for and most managers are just too
heavy ICT investments to drive their processes. Most of these
busy with top line growth to bother.
systems are in the field of view of cyber criminals. Employee’s
behaviour through their interaction with the company’s data
and network using various devices, user accounts and passwords
makes an organisation vulnerable to attacks.
There is need for the manufacturing industry stakeholders to pay
more interest to the effects of cyber-crime in this sector through
sharing of information on attacks, annual estimates of losses and
how to mitigate cybercrime.
In Kenya and essentially the region, the issues of concern include;
1. How well proprietary assets like patents and formulations are
protected. Most companies surprisingly spend tens of millions
of dollars in marketing their products and almost nothing in
keeping their patents safe from criminals. It doesn’t take a casual
intruder to run a second shift using your formulation secrets and
scattering your top line.
3. Assigning monitoring mechanisms to the systems, processes
and people that manage your critical assets and information.
It is wrong to think that once an SLA has been signed, penalty
clauses will keep everything within bounds. The problem with
this back seat approach is that promises fall below specifications
4. Most companies in the region were founded on and continue
to ride on cheap labour as a major incentive to invest. What we
have seen in industry is employees learning a lot and using this
knowledge for sinister acts.
5. Industrial warehouses that double as corporate headquarters
often provide little access control mechanisms that distinguish
the casual labourer/ contractor and a white collar techie. To “get
the job done” managers and directors have given up bothering
and have allowed intruders into sensitive areas and offices to
their detriment. The information these intruders gather easily
gets used for cyber and other crimes at costly consequences.
In the current age of cyber Security, business owners need
take a long term view and segregate Industrial plants and
manufacturing areas from sensitive managerial desks where
strategy and business development plans are negotiated and
manipulated.
There is need for the manufacturing industry stakeholders to pay
more interest to the effects of cyber crime in this sector through
sharing of information on attacks, annual estimates of losses and
how to mitigate cybercrime
and there are countless breaches on data and security without
any of these being detected. Cyber criminals easily get away
35