Kenya urged to review outdated cybersecurity laws
The government has been urged to review the existing cybersecurity laws in Kenya and develop a national policy to replace existing ones that have been outdated by the industry.
The call is part of the recommendations from a study looking into the vulnerability of the country’s fintech sector to cybercrime and the available safeguards in both the private and public players.
Using reports from State institutions and regional cybersecurity think tanks, the report indicates that the threat landscape in Kenya is becoming more sophisticated with the financial service sector at especially high risk.
“The study notes that the rise of digital payments has contributed to an increase in cyber threats targeting the financial sector which continues to face challenges in detection, reporting, responding, and preventing cyber-attacks given the level of awareness, capacity, skills, and investments to promote digital resilience among the key stakeholders,” the study reads in part.
According to the report commissioned by the German development agency GIZ, Digital Transformation Center Kenya and the Kenya ICT Action Network, KICTANet, key threats reported in the country’s cybersecurity landscape include malware, web application attacks, botnets, and system vulnerabilities among others.
Read also: Hackers turn to dozy Saccos as banks tighten cyberspace
The Global Cyber Security Index by the International Telecommunication Union (ITU) ranks Kenya fifth in Africa behind Mauritius, Tanzania, Ghana and Nigeria. The index measures the countries’ commitment to cybersecurity including the legal, technical and organizational capacity.
“It is apparent that Kenya ranks well as compared to its immediate neighbours, however, the country still falls behind globally, and more importantly, in certain critical areas identified by the various assessments,” explains the report in part.
“Unfortunately, across all the indices, some of the indicators used to assess Kenya are not up-to-date, or not populated, likely due to the challenges in accessing the statistics, or due to the information not being provided by Kenya.”
The report recommends the amendment of several laws including the computer misuse and cybercrimes Act to provide a framework for banks and financial institutions to report on incidents.
The government has also been urged to conduct national cybersecurity assessments like is the norm in developed countries and regularly update the data to provide a true picture of evolving threats.
“The private sector should invest resources towards hiring and retention of skilled personnel, knowledge and capacity building, and an upgrade of infrastructure, tools, and software, as well as in cybersecurity strategies to enable organisations in the financial sector to detect, deter, and respond to cyber threats,” explains the report.
