Learning Institutions urged to invest in cyber security

Sep 13, 2023 - 15:06

Egerton University Vice Chancellor Professor Isaac Kibwage (6th left) and The Kenya Education Network (Kenet) Executive Director Professor Meoli Kashorda (4th right) after leading teams from the two organizations on deliberations over ways of implementing cyber security strategies to safeguard research and data. Professor Kashorda underscored the importance of learning institutions remaining consistently vigilant about the ever-evolving cybercrime landscape and the methods malicious actors use t

Nakuru,

Wednesday, September 13, 2023

KNA by Anne Mwale

The Kenya Education Network (Kenet) has advised polytechnics, Technical Vocational Education Training Institutions (TVETs) and universities to allocate more resources towards advancing their cloud and digital strategies and cyber security capabilities.

Kenet has indicated that as the country’s institutions of higher learning increasingly harness ICT driven education and research, a key objective should be to leverage the resourcefulness of the Internet and maximize productivity while keeping threats at bay.

The Network’s Executive Director Professor Meoli Kashorda noted that while cyber space was an integral component in the education system as well as other social aspects cybercrime was increasingly becoming more lucrative and more appealing to the perpetrators.

“Channeling more financial and manpower resources by educational institutions towards enhancing cyber security capabilities is a necessary investment. This is because cybercriminals may make an institution lose information permanently, cause business disruption, loss of time, harm to reputation, and huge financial losses,” noted Professor Kashorda.

Speaking during a meeting with Egerton University top management on ways of implementing cyber security strategies to safeguard research and data, Professor Kashorda underscored the importance of learning institutions remaining consistently vigilant about the ever-evolving cybercrime landscape and the methods malicious actors use to breach cyber security measures, adding that complacency is a luxury no one can afford.

During the deliberations that took place in the Vice-Chancellor's Boardroom Professor Kashorda observed that with the increase in cloud, mobile computing and the Internet of Things(IOT), as well as advanced targeted cyber-attacks and cyber terrorism across the globe, the need for a stronger cyber security workforce in polytechnics, TVETs and universities was critical.

“Many systems used in today’s institutions are insecure because they are built to work using technology that is 15 to 20 years old. Since cybercrime has become a service for sale, learning institutions need a pool of experts to counter the ever-sophisticated mechanics developed by the criminals who are now in big business. Institutions well prepared should be able to analyze threats and respond to them before they happen,” stated the Executive Director.

Egerton University Vice Chancellor Professor Isaac Kibwage who hosted the meeting was accompanied by Deputy Vice-Chancellor in charge of Academic Affairs Professor Bernard Aduda, his Administration, Planning, and Development counterpart Professor Richard Mulwa, Academics Registrar Professor Mwanarusi Saidi, ICT Manager Dr Phoebe Fedha and Dean of the Faculty of Health Professor Samson Obure.

Professor Kashorda called for an increase in Egerton University’s current bandwidth budget as the move would facilitate the upgrading, expansion and enhancement of digital learning and research capabilities.

He noted that denial of service (DOS) incidents through cyber hacking were becoming common in Africa and disrupting services offered by both public and private sector while increasingly sophisticated methods like Cybercrime-as-a-Service (CaaS) are becoming more popular in the continent, meaning businesses can no longer rely on outdated technologies and processes.

The Executive Director indicated that following the outbreak of the Covid-19 pandemic, institutions adopted remote work strategies, which increased their digital real estate and exposed them beyond the boundaries of their physical network.

Attackers, he noted, now have a larger surface on which to deploy actions that jeopardize the processes and techniques involved in safeguarding sensitive resources such as data, systems, networks, applications, and even Internet of Things (IoT) environments.

“Organizations are confronted with the increasingly difficult task of safeguarding their expanded digital estate against rising cyber threats. Previously, they'd implement security processes based on the physical network boundary, which was limited to their official premises,” he added.

According to the 2022 Sophos ‘State of Ransomware report’ Ransomware, a type of malware that infects files and folders and prevents them from being accessed, is one of the most rapidly growing types of attacks on this newly exposed digital real estate. Attackers demand a ransom (hence the name) from their victims in exchange for a decryption.

The report further states that despite some companies paying a ransom of $812,360(Sh119,010,740), only 61 percent of encrypted data is recovered. This demonstrates that, even in the case of ransomware, prevention is always preferable to cure.

For security-conscious polytechnics, TVETs and universities, Professor Kashorda said the drive for better cyber security should begin with hiring the right people for the job.

He explained “Once the right team is in place, institutions can begin to improve their cyber security by identifying and sealing loopholes, as well as rebuilding their security infrastructure to weave throughout their systems and applications. This not only prevents attackers from entering but also provides safeguards if malicious actors manage to breach the external security features."

According to a recent report by Kaspersky, a global cybersecurity and digital privacy company, spyware attacks targeting organizations in Kenya increased by 12.9 percent in the first quarter of 2023. This surge, Kaspersky says, calls for attention and proactive measures to safeguard the digital infrastructure.

Cybercriminals are now sending malicious software to gather data from devices and later send it to third parties.

Dmitry Galov, Head of the Kaspersky Global Research and Analysis Team on the other hand says that “Installing effective security solutions will likely draw attackers away from an organization.

Cyberattacks on Kenyan businesses increased by 82 per cent according to a pan-African cyber security report released by Liquid C2, a business unit of Liquid Intelligent Technologies.

The report titled The Evolving Cyber Security Landscape in Africa 2022 also covers South Africa and Zambia who both recorded an increase of 62 per cent in cybercrime. It features research, analysis, and a finding across the three countries on the evolving cyber security threats present in Africa and illustrates how Cyberattacks against all large enterprises ramped up dramatically.

“The biggest concern emerging from this report is that companies are saying that they‘ve put a lot more cyber security controls in place. With threats evolving faster than security systems, companies cannot afford to get complacent,” said Liquid C2 CEO David Behr.

Courtesy; KNA