Imagine waking up one beautiful Monday only to realize that your website has been hacked. Your online accounts, your most precious work and even your personal assets are gone. What do you do?
According to the 2017 Cyber Security Report released by Serianu LTD, Kenyan businesses lost an astounding Ksh. 21B to cyberattacks in 2017 alone. When you consider the whole NYS scandal is about Ksh. 9B you start to see just how serious cyber attacks are in Kenya.
However, let us go back to your hacked website. As the red screen of death glares at you, informing you that the website you invested in is no longer accessible, it is often tempting to pick up the phone, contact your website developers and give them a piece of your mind since you blame them for negligence. They should have prevented your website from being hacked, right?
Well, the answer here is two-fold; yes and no.
Yes, your website developers have the responsibility to ensure that your website is developed and designed with security in mind. In the same vein, your hosting company also has the responsibility to ensure that your server, be it dedicated, shared or cloud is hardened and patched often adding another layer of security to your online presence.
The second answer is no, because your online security does not start at the website design and development level. Instead, it should start at the board level, as head of ICT at NTSA, Fernando Wangila recently shared with Legibra on a round table discussion about cybersecurity for SMEs.
In Fernando’s opinion, before calling your developers or technology providers regarding your hacked website, you need to contact your board and deal with the issue according to your cyber security policies and frameworks in place. In the absence of such processes and policies, it is impossible to place the blame entirely on your technology providers because cyber security is not built in to your processes in the first place.
Cyber Attacks and Blame Games
Still, whether you call your developers or board, your website would have already been hacked, your processes compromised, and your services affected. Therefore, it makes more sense to be proactive instead of reactive.
While majority of SMEs tend to shy away from cyber security products because they fear the costs, Francis Waithaka, CEO at Digital For Africa, advises businesses to consider partnering with cyber security professionals to mitigate risks of cyber attacks while cutting on costs.
“We only have 1,600 cyber security professionals against 48M Kenyans. As a business you need to leverage partnerships if you want to have peace of mind over your online business.” said Francis at the Round table discussion on cyber security for SMEs at Legibra.
Why Are SMEs Targets for Cyber Attacks?
Despite the fact that Kenya lost over Ksh. 21B to cyberattcks in 2017, awareness of such threats remain low among SMEs.
Granted, small and micro businesses are often the targeted by cyber attacks because they are ill-prepared;
1. They do not receive any training on cyber security
2. They have no formal policies for ensuring cyber security
3. They have no cyber security measures at all.
What precautions should SMEs take?
There are simple & cost-effective ways an SME can protect itself from a cyber attack.
Inset, Francis Waithaka CEO at Digital For Africa LTD explains how SMEs can leverage partnerships to curb cyber risks in 2018.
Listen and share.