Many Kenyan agencies that heavily rely on the internet to conduct their core business have invested on some form of cybersecurity — especially in the last five years.
But as long as the people using this cyberinfrastructure do not appreciate their personal stake in cybersecurity, these investments often turn out to be a huge waste of money.
Every year sees cyberattacks growing in sophistication and risk. Just a few days ago the instant messaging app WhatsApp reported that hackers had managed to spy on private messages, and urged users to update their apps.
A more notable example is the worldwide WannaCry ransomware attack in May 2017 that targeted computers running the Microsoft Windows operating system.
The attackers encrypted data on these computers and demanded ransom payments in the bitcoin cryptocurrency.
Such threats have seen a growing number of local companies invest in managed security services, whereby they outsource third parties to implement, manage and maintain their security infrastructure.
In fact, as indicated by the just released Cyber Security Report 2018 by Serianu, Kenyan companies are spending more money on securing their systems than they are actually losing through security breaches.
According to the report, of the Sh29.5 billion lost to cybercrime, a whopping Sh20.6 billion was spent in anticipation of cybercrime and reputational damage to firms.
With such massive investments in cybersecurity, one would expect more vigilance among users.
Yet, this is seldom the case for many agencies — both public and private.
We only comply with the employer’s cybersecurity policies because it is a requirement, and not be ..