African businesses need to take more decisive steps to prioritise data protection and enhance enterprise security in order to mitigate the high cost of cyberattacks.
Ken Munyi, Country Manager at iWayAfrica Kenya says the millions of cyberattacks that take place every year across the continent are cause for concern, particularly for Africa’s larger economies such as South Africa and Nigeria, as well as Kenya which was ranked as the 69th most vulnerable country in the Global Threat Index out of 127 nations, last year.
“Guaranteeing data protection is vitally important for minimising financial loss while also complying with regulatory requirements and meeting customer expectations. Organisations need to take a proactive approach to enterprise security and view it as a strategic investment as opposed to an onerous expense to the institution,” notes Munyi.
Since threats like ransomware and malware continue to reach new levels of sophistication, Munyi says traditional and one-size-fits-all defences are no longer enough to properly address and reduce the potential risks of a cyberattack. “Just as the physical security of a business might include burglar bars, security gates and CCTV cameras, a similar multipronged approach is necessary for cybersecurity and should encompass security at the network perimeter and end-point level, together with application, email and web security measures.”
When security breach occurs
Munyi recommends organisations carry out a comprehensive assessment of their existing processes and procedures, identify what needs to be protected, and assess the specific risks and potential impacts on the business. “The iWayAfrica approach is to treat every customer context as unique with regard to solution design, support and pricing. Any well-crafted enterprise communication solution should allow for personalised support and create discernible value by allowing organisations to thrive in their chosen areas of focus.”
Should a security breach occur, Munyi advises organisations first focus their efforts on mitigation of data loss and then formulate a plan of action that identifies where the breach originated, an assessment of the damage, and a strategy to prevent similar threats from materialising in the future. “According to current estimates, Kenya has lost about Sh20 billion as a result of cybercrime, yet only 4% of Kenyan companies spent more than Sh515,000 (the equivalent of 5,000 US dollars) on cybersecurity,” says Munyi.
The vulnerability of Kenyan organisations to cyberattacks can also be seen within the broader context of challenges faced by Telcos in the country according to Munyi. These include a shortage of skilled experts in the ICT sector and a disruptive political environment, particularly during election cycles, during which businesses opt to delay major decisions leading to a slowdown of economic productivity.
“Ultimately, issues around cybersecurity deserve increased planning and attention. There is no doubt that security reliability of information connected over distributed networks offering convenience to stakeholders is vital both in the public and private sectors,” concludes Munyi.