Cyber threats and cyber security in ISO certified organizations in Kenya

Abstract

This research is about cyber threats and cyber security in ISO certified organizations in Kenya. The research was motivated by the need to establish the cyber threats facing the ISO certified organizations in Kenya, the cyber threat countermeasures these organizations have implemented and how effective the implemented countermeasures are in managing the cyber threats faced and the overall cyber security of the organizations. ISO certified organizations in Kenya are under a lot of pressure to give their customers quality products and services efficiently. So as to meet their customers’ expectations on quality products and services efficiently, the ISO certified organizations have had to rely heavily on the use of ICT systems which are networked and connected to the internet through the national fibre network. With networked ICT Systems, the organizations have become more vulnerable to cyber attacks. The objectives of this research were to establish the cyber threats being faced by ISO certified organizations in Kenya, the cyber threat countermeasures these organizations have implemented and the effectiveness of the countermeasures implemented to managing or counter the cyber threats and ultimately the overall cyber security. A descriptive survey targeting ICT officers, ICT Managers, IT Managers, ICT officers, Information security officers, chief information officers, Heads of ICT as well as ICT Directors was carried out in 45 ISO certified organization in Kenya selected randomly from a population of 175 ISO certified organizations. Overall 35 respondents returned fully completed survey questionnaire resulting in a total response rate of 77.8%. The main instrument for the survey was a questionnaire and descriptive statistics was used for data analysis. The study found out that ISO certified organizations in Kenya face the following cyber threats: insider threats, VOIP PBX Fraud, social media, denial of service (DoS), botnet attacks, online and mobile banking fraud, mobile money fraud and cyber espionage. The study findings also indicate that although most ISO certified organizations have implemented effective cyber threat countermeasures to the cyber threats facing them, some of the organizations have not. Some of the organizations that have not implanted effective countermeasures lack even a cyber security policy which is a crucial blue print guideline and source of reference for managing cyber security.