Cyber-attacks are severely affecting industries across the globe, including the state corporations, financial institutions, energy sector, health sector and even retail sectors. Cyber-attacks are appearing everywhere in the world and this is becoming a great worry for businesses.

Cyber-attacks in Kenya that are highlighted here include the case of Alex Mutuku, an IT expert charged with hacking into the Kenya Revenue Authority (KRA) and stealing Ksh3.9 billion. The prosecution alleged that he is connected to international cartels stealing money from several state corporations.

The alleged hacking affected other state agencies, including the e-citizen online payment portal for government services. According to reports in The Standard newspaper, the hacker allegedly had access to high-tech equipment and software that enabled them to steal from KRA.

Mr. Mutuku and a Mr. Stanley Kimeu Mutua are alleged to have gained access to NIC Bank's system and demanded a ransom of Sh6.2 million in bitcoin. They also threatened to make confidential customer information public and were accused of stealing Sh2.88 million from NIC Bank.

Vulnerabilities Exploited

  • Insider threat: internal staff who are authorised to access information systems act as contact people for attackers. It is alleged that an ICT employee at KRA supplied the attackers with information.
  • Malware: malicious code including viruses, worms (programs that enter through a vulnerability), Trojan horses (malicious programs that look legitimate but are harmful) and bots (automated programs that infect a host and connect back to a server). Malware gives attackers persistent access to the network and lets them exploit systems without revealing its presence. The remote-control hacking reported by The Standard newspaper was most likely executed in this manner.

Steps towards Mitigating Insider Threats

  • Enforce effective separation of duties and the least privilege principle to minimise the risk of insider theft of proprietary information.
  • Know your assets: the type of data your systems process, who uses the data and where it is stored. This can be established by conducting a risk assessment.
  • Institute strict password and account management policies and practices, then conduct audits of account creation and password changes made by system administrators.
  • Develop stringent access controls and monitoring policies for privileged users, such as multifactor authentication, to reduce the risk of abuse and increase accountability.
  • Enforce system change controls to prevent the insertion of backdoors, key loggers and other malicious programs.
  • Create a log management policy and procedures, such as a security information and event management (SIEM) system, to log, audit and monitor employee actions.
  • Control and monitor remote access from all endpoints, including mobile devices.
  • Develop comprehensive employee termination procedures, such as disabling remote access.
  • Implement secure backup and recovery processes, such as encrypting backup media and verifying cryptographic checksums.
  • Implement insider threat detection rules in SIEM systems. This can be done through continuous review of logs and ensuring that watch lists are kept up to date.
  • Use network monitoring tools to monitor the network for a period of time and establish a baseline of normal behaviour and trends. Monitor baseline data points including device communication, VPN access, ports and protocols, firewall and IDS alerts.
  • Create a data transfer policy and procedures so that sensitive company information can leave organisational systems only in a controlled way, covering removable media, Bluetooth, printers and internet services (FTP, cloud services).
  • Conduct insider threat awareness training for all employees to enable them to identify malicious insiders.
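Several of the steps above (auditing administrator account changes, feeding insider-threat rules and watch lists into a SIEM, and baselining VPN access and data transfer volumes) can be illustrated with a small detection script. The following Python example is added here for illustration and is not part of the original article or any real SIEM product; the log format, field names, watch list, working hours and the "mean plus three standard deviations" threshold are all assumptions, and the log lines are constructed sample data.

```python
"""Toy SIEM-style insider-threat rules run over constructed log lines.

Rules (each maps to one of the mitigation steps in the list above):
  1. watchlist            - any event involving a user on the watch list
  2. unticketed_admin_change - an administrator created an account or changed a
                            password without a change-ticket reference
  3. offhours_vpn         - VPN login outside the baselined working hours
  4. transfer_spike       - a user's daily transfer volume far above the
                            baseline learned from their first BASELINE_DAYS days
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (hypothetical format, not from any real system):
# "<ISO timestamp> <event> key=value ..."
SAMPLE_LOGS = """\
2023-03-01T09:12:03 vpn_login user=jdoe src=198.51.100.7
2023-03-01T09:30:00 file_transfer user=jdoe bytes=120000 dest=cloud
2023-03-01T14:10:00 file_transfer user=jdoe bytes=90000 dest=usb
2023-03-02T08:55:10 vpn_login user=jdoe src=198.51.100.7
2023-03-02T11:05:00 password_change admin=sysadmin1 target=jdoe ticket=CHG-1042
2023-03-02T13:00:00 file_transfer user=jdoe bytes=110000 dest=cloud
2023-03-03T09:01:00 file_transfer user=jdoe bytes=100000 dest=cloud
2023-03-03T23:40:11 account_create admin=sysadmin1 target=svc_backup2
2023-03-04T02:13:45 vpn_login user=jdoe src=203.0.113.9
2023-03-04T02:20:00 file_transfer user=jdoe bytes=4800000 dest=usb
2023-03-04T10:00:00 file_transfer user=contractor7 bytes=5000 dest=printer
"""

WATCH_LIST = {"contractor7"}                       # assumed watch list
ADMIN_EVENTS = {"account_create", "password_change"}
WORK_HOURS = range(6, 20)                          # assumed: 06:00-19:59 is normal
BASELINE_DAYS = 3                                  # days used to learn "normal"


def parse_line(line):
    """Parse one 'timestamp event k=v ...' line into a dict."""
    ts, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {"ts": datetime.fromisoformat(ts), "event": event, **fields}


def parse_logs(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def daily_transfer_totals(events):
    """Map user -> {date: total bytes transferred that day}."""
    totals = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["event"] == "file_transfer":
            totals[e["user"]][e["ts"].date()] += int(e["bytes"])
    return totals


def transfer_threshold(daily):
    """Learn a baseline from the first BASELINE_DAYS days of one user's totals.

    Returns mean + 3*stddev, with a floor of twice the mean so that a flat
    baseline (stddev 0) does not alert on trivial increases. None if there is
    not yet enough history to baseline.
    """
    days = sorted(daily)
    base = [daily[d] for d in days[:BASELINE_DAYS]]
    if len(base) < BASELINE_DAYS:
        return None
    m, sd = mean(base), pstdev(base)
    return max(m + 3 * sd, 2 * m)


def detect(events):
    """Run all rules; return a list of (rule, principal, when) alerts."""
    alerts = []
    for e in events:
        principal = e.get("user") or e.get("admin")
        if principal in WATCH_LIST:
            alerts.append(("watchlist", principal, e["ts"]))
        if e["event"] in ADMIN_EVENTS and "ticket" not in e:
            alerts.append(("unticketed_admin_change", e["admin"], e["ts"]))
        if e["event"] == "vpn_login" and e["ts"].hour not in WORK_HOURS:
            alerts.append(("offhours_vpn", e["user"], e["ts"]))
    # Baseline rule: only days after the baseline window are judged.
    for user, daily in daily_transfer_totals(events).items():
        thr = transfer_threshold(daily)
        if thr is None:
            continue
        for day in sorted(daily)[BASELINE_DAYS:]:
            if daily[day] > thr:
                alerts.append(("transfer_spike", user, day))
    return alerts


if __name__ == "__main__":
    for rule, who, when in detect(parse_logs(SAMPLE_LOGS)):
        print(f"{when}  {rule:<24} {who}")
```

On the sample data the script raises four alerts: the unticketed account creation by sysadmin1 late at night, jdoe's 02:13 VPN login from a new address, the watch-listed contractor7's print job, and jdoe's 4.8 MB transfer to USB on 4 March, which is more than ten times the baseline learned from the first three days. In a real deployment the baseline window would be much longer than three days and the rules would be tuned per role, but the structure (parse, baseline, rule, alert) is the same.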

The trend of increasing cyber-attacks in Kenya is a cause for worry for many organizations, and it calls on stakeholders to step up measures to strengthen their network and system security. To mitigate the threats and attacks from shrewd cyber criminals, companies are left with little choice but to adopt and implement proper cyber security plans.