Kenya ill prepared amidst rising security threats

Serianu Kenya has released its first edition of the Kenya Cyber Security Report. The report was released Tuesday morning at a well attended event held at the Serena hotel Nairobi. Serianu Kenya was formed by a number of consultants, including William Makatiani formerly at Delloit and Touche. Makatiani says Serianu helps businesses “collect, protect and analyse critical business information.”

The launch of the report is meant to come up with a local assessment and measure of the country’s threat landscape against which other measures can be benchmarked. This is in contrast to relying on reports and assessment based on another country’s threat landscape.

Titled the “Kenya Cyber Security Report”, the report seeks to “provide insights, trends and development” in the country’s IT sector. Surveys for the report were carried out between January to April, 2012 and includes information obtained from “underground sources,” The report reveals that insiders remain the biggest security threat to a company.

This is backed by data from Symantec which indicates that 80 per cent of threats were from insiders such as employees and contractors.
Symantec says that there were 20 million new malware variants released in 2011, more than malware from the previous 7 years combined. 55 per cent of global attacks were found to come from the Russian Business Network, which is a highly organised cyber crime group based in Russia and said to have political backing in the country.

Among factors hugely contributing to the current state of enterprise security include the consumerisation of IT. Makatiani says that many company employees are now carrying mobile devices including smartphones and tablets. This can be easily misplaced or compromised.
Government and industry regulations and standards are also playing a major role in the shaping of the sector. These include Central Bank of Kenya guidelines and payment card standards such as PCI-DSS.

Makatiani says the prevalence of easy-to-deploy-technology such as the Linux, Apache, MySQL and PHP (LAMP) stack means that it is now easier to compromises websites. A majority of web applications are run on the LAMP stack. The stack has vulnerabilities which are often published on the Internet and automated tools which can exploit such vulnerabilities.

Site administrators who do not patch their applications against discovered vulnerabilities thus leave them exposed and are a common target of learner hackers known as “script kiddies”. The hacking of 103 government of Kenya websites was such an example of this. MySQL, Cisco’s router IOS and Microsoft’s Windows Server 2008 were among applications with the highest number of reported vulnerabilities. This is based on information which firms based in the United States are required to submit annually.

Another issue that will impact the country’s security sector is the increase in numbers of highly technical and unemployed graduates. Makatiani says that countries in the Eastern European Bloc, a common origin of malware and cyber security attacks, also have the same issues of unemployed, technical graduates.

Hacking tools are also easy to purchase and highly powerful with cloud technologies. A tool to run a Distributed Denial of Service (DDOS) attack is available for hire at a few dollars per hour. DDOS attacks are able to bring a majority of websites down by creating more connections to a server than it can handle.

The report recommends the government to set a legal framework for cyber security as a means of guiding the industry.  Among pertinent issues that imply the need of such a policy include liability of firms in case of loss of user data such as usernames, passwords and credit card numbers they had collected.


Kenya has a worms prevalence of 36 percent versus a worldwide average of 11 percent. Trojans in the country are at 19 per cent versus a global average of 20 percent while viruses were at 25 per cent versus a global average of 6 percent. The data is based on the Microsoft Security Intelligence Report (MISR).

Internet usage has grown rapidly in Kenya with the Communications Commission of Kenya (CCK) estimating that there were 17.38 million Internet users in Kenya as at December 2011, a 96.63 per cent increase from 8.8 million users in December 2010. This has seen more Kenyans exposed to Internet security threats. In addition, most companies are ill prepared to protect or defend themselves from such threats.

Kenyan Internet Service Providers (ISPs) have poor reputation scores, caused by a huge number of infected PCs on their networks which are in turn used in attempts to attack other PCs and send out spam email. This means that mail sent from such ISPs ends up being classified as spam or likely spam. One of the ISPs had a poor reputation score of 99.84 per cent.

Top botnets in the country include Torping,  Grum and Waledac. Torpig records keys typed on an infected PCs keyboard and sends them over the Internet. Data collected includes usernames, passwords and credit card numbers. Grum is spread through autorun registries and is notorious for pharmaceutical spam. Waledac is a worm that replicates itself via email and collects password.

According to MISR, top viruses in the country include Win32/Autorun, Win32/Sality and Win32/Rimecud. An example of these threats affecting organisations include a leading media house which had its April 2011 payroll published online. Another firm had a wide range of information including management memos, internal audit reports, internal email messages and HR documents since May 2011 published online.
The Kenya Cyber Security Report 2012 is available for download at :


CIO Kenya



Tags: , , ,
%d bloggers like this: