According to a Kaspersky research, the first quarter of 2018 showed an overall increase in local threats infections (malware spread in local networks, by USBs, CDs, DVDs) with Kenya taking the first place with 61.8% of its users infected.
And with the uptake of Bring Your Own Device (BYOD) being a reality that many organisations are grappling with, it is crucial for organisations to take security more seriously as they will be facing a wide range of cyberthreats that come from the outside as well as from the inside. Having a holistic approach to cybersecurity that unites an effective IT security solution, will ensure employees are educated and security policies are understood and followed to help organisations improve their security posture.
According to Bethwel Opil, Enterprise Sales Manager at Kaspersky Lab Africa, cybersecurity is a never-ending struggle that businesses need to have site of at all times given the increase in demand for digitally operating business.
In fact, for small companies with under 50 employees they must deal with cyber threats like everyone else, but unlike larger firms, they might not be able to prioritise IT security, with their focus being primarily on business growth.
In fact, small businesses are appealing to hackers as they typically have a moderate amount of valuable data with minimal security, which hackers can use to steal from many others. Considering that SMEs constitute approximately 98% of all business in Kenya, create 30% of the jobs annually as well as contribute 3% of the GDP1 – it’s critical that online security is not a challenge that hampers their growth, but rather allows them to digitalise without security technical expertise.
A survey by the Kenya National Bureau of Statistics indicated that approximately 400,000 micro, small and medium enterprises do not celebrate their second birthday. Few reach their fifth birthday – leading to concerns of sustainability of this critical sector.
“While there are a number of hindrances, thinking you’re too small to be of interest is exactly the mindset that cybercriminals are exploiting to launch increasingly sophisticated malware against small businesses. In fact, they know what many SMEs don’t: They are a target,” states Opil.
“Unfortunately, many SMEs view IT security as a ‘commodity’, seeing little difference between the various options available to them. That’s a dangerous myth; even a one per cent difference in detection rates can result in hundreds of thousands of pieces of malware slipping through the nets over the course of a year, especially considering how many new pieces of malware are detected every day. The most dangerous threats are the ones SMEs know about,” he added.
Opil states that the increase in malicious infections has something to do with the uptake of BYOD and an increase in access.
“As Internet usage grows and given the fact that cybercriminal activity is advancing globally, with more businesses in Kenya relying on technology, connecting to more devices, as well as aspects such as Bring Your Own Device (BYOD) and the Internet of Things (IoT) for work and social purposes, this opens up any business and person to the world of security threats. And where there is an opportunity, there are cybercriminals,” he says.
In conclusion, as organisations continue to face a wide range of cyber threats, whether it’s from inside or outside their company, the starting point to minimise these intrusions, is following a holistic and well-rounded security approach.
“It starts with organisations identifying the data that is critical to them and that criminals would be after. Second, is deploying rigid security solutions that will ensure that their data is safe and could be revived if lost or damaged. This must be done in conjunction with employee education programmes and consistently updated security policies – which are understood and followed by everyone within the business,” said Opil.
“No company can mitigate the risk of cybercrime in the digital world merely by having an IT department – and if the right solutions, policies, and education programmes are not in place, the business may find the digital world a very difficult place to navigate,”Opil concluded.