On the first of June 2019, eighteen Kenyan government websites were hacked and defaced by a group of Indonesian cyber attackers. It took over 24 hours for the ICT Authority to restore them back, with people questioning the government’s capacity to deal with cyber-attack and protect Kenyans’ data. This was also not the first time. In 2012, a single hacker had managed to bring down 103 Government of Kenya websites.
Was the government caught napping in terms of cyber security? It is not easy to tell. Organizations invest a lot of money and resources in Cyber Security, and most of the cyber-attacks are usually stopped before they happen. However, Cyber Security, just like normal physical security, is something that is alive and growing. It keeps changing, and yesterday’s tactics may not work today. Cyber-attacks are here to stay and have been said to cost the Kenya about KES 25.9 billion in 2018. There is also an acute shortage of skilled Cyber Security personnel in the country, and the government is known not to be very competitive in hiring and retaining the best talents. However, even with the best personnel and resources, attacks still do occur.
As far as cyber-attacks are concerned, it is always a matter of when, not if. If some skilled persons decide that they must hack your website, chances are high that they will do it one day. It is just a matter of time and resources. This has seen the rise of hackers even from nondescript places such as North Korea terrorize the high and mighty USA. In the corporate world, transport and logistics conglomerate Maersk has experienced one of the most brutal cyber-attacks, which totaled its operations globally for several days and cost them about KES 30 billion. A Saudi petrochemical company was also hit by a cyber-attack last year, with attackers targeting to disrupt the safe operations of the plant and possibly cause massive explosions. Facebook, Yahoo, Adobe and others have also faced attacks. Cyber-attacks are everywhere, and it is just a matter of time if there is a target on your back.
How can governments and corporates stay safe? There is no easy solution. It will involve hard work, which means keeping a step ahead of potential cyber attackers. This is costly and it is already a multi-billion dollar industry. Currently, Israel stands out as the leader in cyber security, with great innovations from the country helping to tackle some of the most serious Cybersecurity problems in the world today. However, the first line of defense is not just these sophisticated tools, but more about ability to withstand and rise up after cyber-attack. This is why some experts today are talking more about Cyber resilience than cyber security.
Cyber resilience refers to an entity’s ability to continuously deliver the intended outcome despite adverse cyber events. In the case of the Kenyan government, this would mean being able to restore the websites that were defaced, and securing those servers used in hosting them. The government of Kenya needs to continuously increase its capacity to stop these attacks, but also improve on the time taken to get back in case of an attack. I hope the next time this happens (because it will), it will take a shorter time to get back online.