By Staff Reporter.
Deposit-Taking Savings and Credit Co-operative Organizations, presently holding more than Sh 600 billion in deposits have been urged to be on the lookout for fraudsters, who are prowling on all their electronic platforms with the aim of carting away millions in stolen cash.
While commercial banks have been the main target of electronic fraudsters, this sophisticated syndicate of criminals have widened their dragnet to Savings and Credit Co-operative Societies-where internal controls and risk mitigation measures are weak or non-existent altogether.
“Although the entry of ICT has been able to support growth in Saccos, let us also be aware that cyber-crime is thriving. There is therefore need for Saccos to constantly review their internal control systems in order to protect cash belonging to members. Otherwise, if this is not done, then consumer confidence levels in the Sacco industry will be affected resulting in erosion of all the gains Saccos have achieved so far,” said Fred Obonyo, Deputy Commissioner for Co-operatives in charge of Co-operative Finance and Banking.
It is the deep pocketed Savings and Credit Co-operative Societies that are increasingly being targeted by cyber criminals. Most of these Societies are apparently unaware of their vulnerabilities.
“Saccos have over time relied heavily on manual transactional systems to run their operations, but, with the increase in transactional volumes, some Saccos have started investing in technology, by automating their processes without investing in anti-fraud systems; that is where the exposure comes in,” said William Makatiani, Managing Director of Serianu- an information technology services and business consulting firm.
Serianu which published the Africa Cyber Security Report 2016 in conjunction with United States International University-Africa’s Centre for Informatics Research and Innovation, said that majority of organisations in East Africa spend less than $5,000 annually on cyber security products while some had no budget and did not train their staff on cyber security.
“Organisations are making the wrong investments in security infrastructure and thus failing to anticipate, detect, respond and contain their cyber threats. What is more alarming from our analysis is the disparity between the cost of cybercrime and budget allocation to technology products,” said Makatiani.
The report cites the top cyber security issues in Africa as low awareness, increased insider threats, inadequate budgets and management support, increased Internet of Things threats and emerging technology and enterprise resource planning.
Others are poor vulnerability and patch management, poor implementation of regulation and policies, cyber bullying and ineffective identity and access management practices.
Makatiani said that there is also a marked change in the number and type of software used to propagate the attacks, with the criminals increasingly using software that is harder to detect.
“A major challenge facing cyber security law enforcers is prosecution. In Kenya, only 3 per cent of reported cybercrimes were successfully prosecuted in 2016, as inadequate training and awareness among the law enforcement and judiciary officers make prosecution of these cases impossible,” said Makatiani.
Increased use of smart devices carries associated risks, as they are poorly managed or configured, leading to the likelihood of compromise.
The pervasiveness of the Internet has introduced an online community via instant communication, one which endangers the lives of those exposed to it. The amount of personal information that Internet users publish on social sites has been used against them in cases of cyber bullying, stalking and harassment, with some cases leading to crimes such as kidnapping.
African organisations are implementing new technologies and automating their business processes without ensuring adequate security controls are in place. Most organisations do not have vulnerability and patch management programmes, weaknesses that lead to unpatched systems and insecure applications, exposing them to attacks.
