Imagine waking up one beautiful Monday only to realize that your website has been hacked, your online accounts, your most precious work, and even your personal assets are gone. What do you do?
According to the 2017 Cyber Security Report released by Serianu LTD, Kenyan businesses lost an astounding Ksh. 21B to cyber attacks in 2017 alone. Considering the whole NYS scandal is about Ksh. 9B you start to see just how serious cyber attacks in Kenya are.
Hacking might you ask?
As the red screen of death glares at you, building up the courage to inform the client that their website is no longer accessible, it is often tempting to pick up the phone, contact your website developers and give them a piece of your mind since you blame them for negligence. They should have prevented your website from being hacked, right?
Well, the answer here is two-fold; yes and no.
Yes, your website developers have the responsibility to ensure that your website is developed and designed with security in mind. Similarly, your hosting company also has the responsibility to ensure that your server, be it dedicated, shared or cloud is hardened and patched often adding another layer of security to your online presence.
The second answer is no because your online security does not start at the website design and development level. Instead, it should start at the board level, as head of ICT at NTSA, Fernando Wangila recently shared with Legibra on a roundtable discussion about cybersecurity for SMEs.
In Fernando’s opinion, before calling your developers or technology providers regarding your hacked website, you need to contact your board and deal with the issue according to your cybersecurity policies and frameworks in place. In the absence of such processes and policies, it is impossible to place the blame entirely on your technology providers because cybersecurity is not built into your processes in the first place.
Cyber Attacks and Blame Games
Whose fault is it? The developers? No! this is because already the website is hacked meaning that your processes are compromised and your services. Therefore, it makes more sense to be proactive instead of reactive.
While the majority of SMEs tend to shy away from cybersecurity products because they fear the costs, Francis Waithaka, CEO at Digital For Africa, advises businesses to consider partnering with cybersecurity professionals to mitigate risks of cyber attacks while cutting on costs.
“We only have 1,600 cyber security professionals against 48M Kenyans. As a business you need to leverage partnerships if you want to have peace of mind over your online business.” said Francis at the Round table discussion on cyber security for SMEs at Legibra.
Why Are SMEs Targets for Cyber Attacks?
In spite of Kenya losing over Ksh. 21B to cyber attacks in 2017, awareness of such threats remain low among SMEs.
Small and micro businesses, often are the target of cyber attacks. This is because of negligence;
1. They do not receive any training in cybersecurity
2. They have no formal policies for ensuring cybersecurity
3. They have no cybersecurity measures at all.
What precautions should SMEs take?
There are simple & cost-effective ways an SME can protect itself from a cyber attack.
Inset, Francis Waithaka CEO at Digital For Africa LTD explains how SMEs can leverage partnerships to curb cyber risks in 2018.
Listen and share.