Euclid Consultancy Principal elaborates on Kenya's cybersecurity scenario
Among the more digitally connected countries in Africa, Kenya is also one of the most advanced in terms of its cybersecurity capabilities. According to Tyrus Kamau, Principal Consultant at cybersecurity consultancy Euclid Consultancy Services, there is still much room for improvement in the country’s digital defence mechanisms.
As a larger portion of the population in Africa move online, a number of segments are growing at a rapid rate, which is advantageous for economic growth but might pose a risk if the pace of advancement is substantially higher than the rate at which the safety net for such a scenario can be developed.
In Kenya, for instance, digital advancement has brought, and is expected to bring significant growth to industries such as digital services and telecom. The country’s telecom market will reportedly surpass the $3.5 billion mark by 2022, while the digital services market will also cross $5 billion over the same period.
The cybersecurity market, on the other hand, is currently worth just under $500 million, and will stay under the $1 billion mark all the way till 2022 despite registering steady growth along the way. The scenario poses a considerable risk, one which government and private agencies alike are currently doing their best to tackle.
These efforts have produced tangible results already, given the fact that the number of cyber attacks in the country went down from nearly 11 million in the last quarter of last year to nearly 8 million in the first quarter of this year, of which nearly 3,500 were categorised as ‘critical’.
“The decrease was due to the enhanced response to the cyber threat advisories issued by the National KE-CIRT/CC to the targeted organisations. The measures deployed by the targeted organisations prevented the recurrence of some of the attacks,” explained a report from the Communications Authority of Kenya.
Tyrus Kamau believes this scenario can be improved upon significantly. Based out of Nairobi, Euclid Consultancy Services is a cybersecurity consulting firm that offers a range of services, including penetration testing, R&D in cybersecurity, training & awareness, threat modelling, IT security compliance and forensics.
Speaking on the importance of cybersecurity, Kamau says, “When you consider people who rely on online shopping, financial transactions, the reduction in attacks reassures customers that it's safe conducting business online. Consequently, businesses can continuously push more products and offerings to their customers.”
However, he believes the incident response system in the country could be improved upon. “When a business loses money through fraud or there's identity theft, people will instinctively call the police who will refer the case to the DCI's Cybercrimes Unit. You can see, the CIRT gets to know about the attacks way after the fact. Ideally, the CIRT should be the first point of contact,” he added.
Another area where he feels improvements could be made is in the policy framework around cybersecurity in the country. “It's always a game of catch-up when it comes to cyber crime,” he admits, but adds that “it would be good to go beyond the policies and enforce relevant authorities to tackle the growing threat.”