Listen to This Article Enhance your reading experience by listening to this article.

William Baraza, director African Advanced Level Telecommunications Institute, highlights how far the country has come

Milliam Murigi @millymur1

The Internet is becoming an increasingly important tool in our lives. Is it possible for Kenya to have free secure cyberspace?

Data privacy governs how personal data is collected, stored, processed, used, and shared.

It accords a subject the right to consent to collection of personal data; ensures data is used for the original purpose it was collected for; and ensures confidentiality of that information.

The right to privacy is already enshrined in Article 31(c) and (d) of the Constitution.

The government, therefore, is responsible for privacy of its citizens in cyberspace.

To achieve this, it needs to enact relevant cybersecurity laws and regulations, set up government agencies to implement them, and educating security agencies and public on cybersecurity skills.

Data protection must be addressed at governmental, organisational, and personal levels.

The Data Protection Act was adopted in 2019. What are its advantages and disadvantages?

The Act recognises the right of an individual pertaining to their data, where personal data has been widened to include property details, marital status, and family details, including names of children, parents, or spouse(s).

It also gives them a legal entitlement to file complaints with the Data Commission.

The Act also contains data protection principle prohibiting transfer of data outside of Kenya. It also prescribes fines up to Sh5 million or an imprisonment term of up to 10 years relating to breach of the Act.

However, just like any new law, there are some areas that need clarity to ensure personal data is effectively and adequately protected.

Global cost of cybercrime is continuously rising; should organisations consider insuring assets against it?

Cyber threats are real and their impact can be disastrous, making it imperative for organisations to identify risk response mechanisms.

Risks can never be completely eliminated even after implementing the most secure safeguard.

The current data protection laws make it more practical to choose a risk response alternative such as insurance.

What is the impact of emerging technologies such as AI, Blockchain in era of cyber threats?

Emerging technologies are playing an increasing role, with security tools analysing data from millions of cyber incidents, and using it to identify potential threats such us a new variant of malware.

However, these technologies are not exclusive to network defenders. Attackers and cybercriminals equally have access to them.

Cybercriminals will take advantage of new technologies to create sophisticated threats.

There is always a constant battle between attackers and defenders. However, blockchain is a potentially applicable cybersecurity technology that can be used to create trust in an untrusting ecosystem.

Blockchain can virtually be used for application from medical, finance to land registration and even handling elections.

Cybercrime is a major challenge to our economy costing us about Sh30 billion per year according to a 2018 Microsoft report. Are there innovations that can help us address different cyber threats?

As cybercrime continues to evolve, new attack methods are invented daily. Several innovation are being developed to counter them including AI, machine learning, blockchain cybersecurity, embedded hardware authentication.

However, cybersecurity should not only be addressed from technology perspective; there are several principles such as zero-trust model that makes security administrator more aware on security issues.

Defence-in-depth is another principle that should be used to ensure there are several layers of security used to protect data.

We are in a digital economy and data has become the new gold. Are we prepared to handle cases of cyber espionage as a country?

Cyber espionage is process of obtaining information not normally publicly available.

Government alone will not secure the country; a multi-faceted approach involving businesses and the public is needed to ensure security of the country.

So far we have seen some efforts from the government and Communications Authority of Kenya has also been running campaigns to sensitise the public on matters relating to cybersecurity.

As organisations continue to adopt and drive digital transformation, staying ahead of the threat is becoming increasingly difficult to achieve. What is the new evolving threat landscape, challenges and how can they be addressed?

The knowledge, skill, tools and technologies used by cybercriminals match what their cyber security counterparts use.

This creates an ever-shifting landscape with each party trying to outsmart the other.

New threats targeting industrial controls systems and IoT devices, phishing, malware scams, denial-of-service, broken authentication are experienced daily, but cybersecurity professionals continue to mitigate cybersecurity risks and protect sensitive systems and critical business data.

What needs to be done to bridge the cybersecurity gap?

Globally, the Cybercrime Magazine reported there will be 3.5 million unfilled cybersecurity positions in 2021. Solving the skills gap crisis requires all stakeholders involved. 

The Ministry of Education needs to promote STEM curriculum to prepare young people to take up careers in ICT and cybersecurity. 

Universities and tertiary colleges must adopt new curricula that address current cybersecurity needs.

The ministry of ICT needs to educate the public on the dangers of cyber insecurity. Finally, businesses must continue to invest in training and re-training cybersecurity staff.

These organisations can also invest in internship programmes to prepare young graduates for the challenging career in cybersecurity.

Employees can take certification courses to test their level of skills as they update their skills set in the ever-changing cybersecurity landscape.