Advertise with us
[April 22, 2014]
WALUBENGO: Everyone's discussing Heartbleed. Except us. [Nation (Kenya)]
(Nation (Kenya) Via Acquire Media NewsEdge) In the digital world, a vulnerability is defined as a weakness or flaw within a system that can be potentially exploited by ill-intentioned actors. All systems and, software in particular, get commissioned with various types of vulnerabilities that get revealed over time.
Typically, one should assess and implement mitigating action as soon as a given vulnerability has been discovered.
Two weeks ago, most of the developed world was captivated by the discovery of a major internet security flaw codenamed Heartbleed. This is a vulnerability found in the software that manages your encrypted communication on the internet. It runs in the background whenever you buy something online, log on to your online banking site or simply connect to your popular social media or email site.
One can understand why the rest of the world was in a state of digital emergency, as they rushed to address the crisis. An established security expert quoted by the NewYorker stated that the Heartbleed flaw is so catastrophic that on a scale of 1 to 10, it scores an 11.
A website running this broken encryption software can be tricked into revealing your passwords, credit card, banking and other information to the hackers. So why the mild, if not muted, reaction to the Heartbleed vulnerability in Kenya? WEAK RESPONSES We may not be as digitally sophisticated as more developed economies, but we are linked to them through the Internet. The general trend by hackers is to search and attack weak targets within the global Internet and subsequently using our vulnerable local networks as launching pads for further attacks.
Think about Kenya being a "transit" economy for hacking activities due to our weak responses to global information security concerns. This is not good for the country as a business destination.
The Kenya Computer Incident Response Team, domesticated at the Regulator and supported by taxpayer money to guarantee our online security could only manage an online alert on the issue. Is this enough to protect our digital reputation and the millions of Kenyan consumers who continue to engage online in blissful ignorance? Of course, this is not in any way advocating for Kenyans stop logging onto their online banking, e-commerce, social or email sites, but for a demonstration of frameworks and strategies that inspire confidence and assurance that our Kenyan cyberspace is safe for both consumers and business entities.
Posting regular security alerts on some regulatory site whose audience is largely limited to technocrats and researchers may be fine, but is not sufficient to protect consumers from the current and future security threats. Ideally, effective Computer Incident Response Teams require a collaborative approach that pro-actively engages government, industry, academia, consumers, law enforcement, the Judiciary amongst other stakeholders.
Once an information security threat of global or national stature has been identified, all players must be involved and harnessed to move in sync to address it. More importantly, the regulator should be in a position to follow up and confirm if stakeholders did indeed enhance or upgrade their systems to seal the loopholes in question.
At the national level, we lack two substantive pieces of legislation to improve our exposure to vulnerabilities online - the Data Protection Act and the Cyber Security Act. These two would describe the roles and powers each stakeholder has within the national information security ecosystem in order to effectively assure the security of Kenyan Cyberspace.
Until and unless these laws are enacted, we shall continue to be exposed to Heartbleed and other emerging information security threats without any effective or comprehensive responses at a national level. For now, please visit this HowTo site to check if you are affected and how you may protect yourself. (c) 2014 Nation Media Group. All Rights Reserved. Provided by Syndigate.info, an Albawaba.com company
Back To NFVZone's Homepage