The World Council of Credit Unions’ (WOCCU) and Kenya Union of Savings and Credit Cooperatives (KUSCCO) conducted a survey and discovered how vulnerable cooperative societies in Kenya are against cyber criminal
The SACCOs managers are reluctant to divulge details about the nature and level of losses incurred during cyber-attacks, a survey conducted by the Kenya Union of Savings and Credit Cooperatives (KUSCCO) and The World Council of Credit Unions’ (WOCCU) says.
It says that the absence of critical policy documents leads to the ineffectual implementation of digital technologies, which in turn begets operational and technical inefficiencies and associated financial costs that are difficult to manage down the road. “Think of it as going shopping without a shopping list only to buy things that do not meet your needs and are costly to maintain,” says the report.
KUSCCO report documents that they (Saccos) are oblivious to the sophisticated cyber-attacks that face them while others do not take simple measures to protect sensitive information which leaves them open to attacks
The SACCOs indicated that the high cost of acquiring and maintaining ICT hardware and software, and the dynamic nature of cyber-attacks were the major cybersecurity concerns that they face. They added that they are unable to keep up with these changes, and the situation is made worse by limited human resource capacity to handle the multi-billion shillings threats as they emerge.
“Further, many members lack enough information or knowledge on the cybersecurity landscape and best practices that they should use to protect themselves.” The KUSCCO report documents that they (Saccos) are oblivious to the sophisticated cyber-attacks that face them while others do not take simple measures to protect sensitive information which leaves them open to attacks. Some members, due to illiteracy or trust, openly share their identification numbers with family members or close associates. Members are also susceptible to social engineering and phishing attacks.
From the survey, it was observed that the cybersecurity gaps could be symptoms of a larger problem. As an IT manager at one of the SACCOs pointed out, “SACCOs are not innovative! The benchmarking culture has changed to the copy-paste culture”. He laments the failures of the learning and collaboration efforts among SACCOs “that have brought with them many avoidable problems”. He recommends the customization of solutions to fit unique situations.
It says KUSCCO’s Education and Training Department has already taken a step in the right direction by providing training to SACCOs on building their cyber-resilience. During one such training, trainers recommended that SACCOs do not focus on the budget so much, rather, emphasis should shift to understanding the SACCO needs and the personnel capacity as well, adding that “cybercrime is a social issue, not a technology issue”.
Personnel training and good policies could address some of the challenges SACCOs face. Additionally, WOCCU provided an analysis of three core banking systems and laid out a benchmark for systems selection based on the suitability to SACCO needs, but is also efficient, secure, fast and cost-effective.
According to IRNet, essential steps towards managing cyber-attack incidences include familiarization with the laws governing data collection and privacy, identification of essential data assets, mapping out virtual or physical threat points, reviewing terms and conditions of contracts with vendors, creating a cybersecurity incident response team and identifying their tasks and responsibilities, enabling automated activity logging and monitoring, and planning primary and secondary communication channels.
There’s no story that cannot be told. We cover the stories that others don’t want to be told, we bring you all the news you need. If you have tips, exposes or any story you need to be told bluntly and all queries write to us [email protected] also find us on twitter.