Web Security & Hacking in Kenya

Web security is one aspect most people often overlook whenever they are setting up their online business or establishing their online presence in Kenya. They tend to focus on the elements that they can see; things like: How does their logo looks on their site? Are their brand colors present on the website? Is the design both eye catching and functional? These are all valid questions, which shouldn’t be overlooked when creating a website, however an attack on your website could render all those questions irrelevant in an instant.

Some Kenyans still follow the common axiom “out of sight out of mind”, whereby just because web security doesn’t contribute much to the aesthetics they deem it as unnecessary or something they can forego. So they just focus on what they can see and disregard what they can’t. However, not getting some form of security for your website means that you are leaving yourself vulnerable to attacks. Even today, there are Kenyans who still think about cyber crime as “the stuff of movies”, something that can’t happen in Nairobi or anywhere close to home. However on Monday 3rd June 2019, we were reminded that cyber crime is indeed a very real threat, even here in Kenya the Silicon Savannah. 

Image showing notice by ICT authority that their website is under maintenance.
After the ICT authority had taken back control of the hacked websites, This was the message that users encountered when they tried to access the affected sites.

On this particular date, about 18 Kenya government websites were hacked by the Kurd Electronic Team. The attackers defaced the websites by placing their logo on the landing pages, a clear indication they had taken control of the sites. This caused a panic amidst the public especially when it came out that one of the websites affected by the attack was The Integrated Financial Management System (IFMIS). The realization that there could be real financial implication resulting from the systems being compromised really drove the point home; a cyber-attacks can happen to anyone at any time. Digitization not only brought the good stuff online, but the bad as well.

Image showing the defaced IFMIS website after they had been hacked.
The defaced IFMIS website landing page

Fortunately, the ICT authority (the body tasked with the management of all Government of Kenya ICT functions) soon got back control of the sites in question and pretty soon after, most were back up and running before the greater public had suffered any disruption. However it wasn’t fast enough. Some of the media houses had already gotten wind of what had occurred and it was topic of discussion on several news outlets buy lunch time. The damage had been done, the attackers had compromised the websites, the government systems had been deemed vulnerable and the public was already questioning how safe their data was. Representatives from the ICT authority tried to allay the public’s fears but doubts still lingered in their minds, especially with the recently concluded Huduma number registration exercise.

This was enough evidence to prove that web security in Kenya isn’t something to be overlooked. One thing most people don’t realize is, you don’t get security because you anticipate that you will be hacked, but rather what you are actually doing is giving yourself peace of mind. Peace of mind knowing, that your data is safe, your user’s data is safe, your operations won’t be disrupted by such attacks, and questions won’t be asked about whether your systems are safe or not. It gives you peace of mind to continue doing what you do best.

And it isn’t only us at Legibra that are advocating for web security; back in July 2018 Google made it a policy to flag websites that do not have a Secure Sockets Layer (SSL). Since then, any website without an SSL is marked as “Unsecure” by Google’s Chrome browser and other major browsers like Mozilla.

Image showing one website without SSL versus Legibra's website with SSL
What users see if your site is secure or unsecure

So Google is making an effort to ensure that all sensitive information sent across the internet is secure and only accessed by the intended recipient. Soon web security is going to become the norm, so don’t wait until it’s too late. Protect your domain with an SSL starting from as little as $15 USD / KES 1500 per year. Don’t wait until you become a victim of hacking to get protection for your website. Protect your Domain.

Secure Sockets Layer poster for Legibra

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.