Saccos most vulnerable to cyber-attacks, says report
Kenyans lose more than Sh40 billion to cybercriminals annually with savings and credit cooperative societies (Saccos) paying the highest price.
A new report by cybersecurity consulting firm Serianu titled Easing the digital transformation of saccos, says 96 per cent of Saccos spend less than Sh1 million annually to protect the clients’ savings and client information.
It further states that 84 per cent of the Saccos lack formal standards for IT governance exposing them to hacking.
“The reality is that some Saccos have low operating budgets based on their income from lending and investing members’ contributions. But these are not at the capitalisation level of banks, yet their cybersecurity risk levels remain almost at par,” said Serianu chief operating officer Joseph Mathenge.
Hackers are targeting Saccos more since they don’t have secure systems in place making them easier targets than commercial banks which deploy money for cybersecurity protection.
During the launch of the report, George Ombaso, the executive director of ACCOSCA emphasised the need for Saccos to invest in cybersecurity as they continue to embrace technology.
In the case of attacks, many Saccos will be caught off-guard and may never be able to retrieve any lost data as 76 per cent of the Saccos in Kenya lack Business Continuity Plan (BCP).
Saccos are major saving and investment vehicles that many Kenyans use to save and borrow money at low-interest rates.
The nine months’ survey revealed that Saccos across the country are attracting cybercriminals today more than ever, pointing to an urgent need to recruit better-skilled professionals and invest in comprehensive training for Sacco managers.
The findings show that up to 74 per cent of Saccos across the country do not monitor vendor activities on their networks exposing them to cyber-attacks.
The Saccos also lack IT steering committees at the executive and board level since they are not seen as being relevant.
The growing cybercrime menace has forced the Central Bank of Kenya to issue guidance on Cyber Security to public institutions listing minimum requirements for businesses to prevent cybercrime.
One of the requirements is that the members of the board of a company must understand cybersecurity matters and possible threats to businesses.
In the note, CBK also requires that companies perform regular checks to ensure they are safe from cyber theft.
Serianu estimated in another report that Sh230 million was lost through computer fraud, Sh100 million through business emails, Sh70 million through fake cheques, and Sh66 million in identity theft in what is increasingly becoming a major business risk in the country.