“In 2016, we witnessed more advanced attacks in banks mostly perpetrated by insiders, raising the concern that the banking sector is unprepared to deal with insider threats,” Mr. William Makatiani, Serianu Managing Director during a three day forum Kenya school of Internet Governance held in Nairobi.
Joseph Nzano from the Communications Authority of Kenya (CA) disclosed that Kenya is ranking as one of the high sources of cyber attacks. “We need to develop a harmonised framework for internet governance,” he said.
Serianu report discloses that about 44 per cent of financial institutions run on a meagre cybersecurity budget of less than 1,000 USD annually, whilst about 33 per cent of financial institutions in Kenya had no spending on cyber-security.
Currently, most banks are increasingly adopting technology to offer increased access and convenience to customers however, this has also opened the door to increased online security risks.
Central Bank of Kenya (CBK) says, “It is well aware of the fact that cyber risk will keep morphing due to the evolution of cyber threats in Kenya and across the globe.”
With its cyber security guidelines, “Therefore, CBK mandates all institutions to review their cybersecurity strategy, policy and framework regularly based on each institution’s threat and vulnerability assessment.”
“All institutions are required to submit their cyber security policy, strategies and frameworks to the CBK by August 31,” the note said.
“The institutions should also notify the Central Bank of Kenya immediately when it becomes aware of a cybersecurity incident that could have a significant and adverse impact on the institution’s ability to provide adequate services to its customers, its reputation or financial Condition.”
CBK’s Guidance Note outlines the minimum requirements that institutions shall build upon in the development and implementation of strategies, policies, procedures and related activities aimed at mitigating cyber risk.
