Voice Over Internet Protocol is the biggest security threat facing enterprises in Kenya. William Makatiani, Director - Serianu Limited, says that from analysis of threats on traffic passing through the Kenya Internet Exchange Point (KIXP), firms were losing a lot of money through illegal use of VOIP. He was presenting at the launch of the first quarterly security report by the Telecommunications Service Providers Association of Kenya (TESPOK) held last week Thursday.
File sharing applications were listed second in terms of targeted enterprise applications, followed by email, Cacti, Cpanel, Adobe PDF, Software activation applications and Joomla and Wordpress.
Interestingly, Makatiani says that Serianu is now seeing threats that are coming from the country and seem targeted at certain applications or firms. An unidentified server in the country has been sending baited PDF documents, which exploit out of date PDF software to install backdoors on users' computers when opened.
SSH attacks are also quite common with attacks being noticed every single day. 90 percent of such attacks can be eradicated through use of VPN and two factor authentication, which can now be deployed as a cloud based service.
Most people and firms ignore notifications to update their software, thus leaving them exposed to malware through unpatched software. Makatiani also notes that many organisations look at security as more of an expense than a necessity.
Some factors through, remain difficult to control, such as employees, who are notably among the top source of cyber attacks.
Also observed was suspiciously heavy remote access traffic targeted at IP addresses belonging to banks and insurance companies. The heavy traffic starts at midnight and ends at 6 AM. Makatiani explains that though some traffic is made to look like it was coming from foreign countries, the pattern indicated the source was within the country.
Fiona Asonga, TESPOK CEO, said that reports on the security status of various ISPs in the country has been available for some time at KIXP. It was however noted that most of the ISPs were either not aware of the report, or were not implementing its recommendations. The report lists types of threats, targeted addresses and source address in the operators' network.
Serianu has seconded security experts to KIXP, which is owned and operated by TESPOK. The experts are part of an industry cybersecurity incident response team (ICSIRT) that helps in detection and mitigation of threats in the private sector.
Speaking at the launch of the report, Communications Commission of Kenya Director General, Francis Wangusi, said that a number of banks and financial institutions in the country had been hard hit by cyber criminals, losing billions, and were "suffering in silence." Such firms would stand to benefit from the ICSIRT that can help in detection and stopping such threats.
TESPOK also launched an initiative to educate the public on cyber security, dubbed cyber usalama. The initaitive will be through a website http://usalama.co.ke/ that Fiona describes as done in easy to understand language.