By SINDISO NGWENYA
THE recent hacking of twitter accounts of high-profile government institutions in Kenya brings to mind the significant changes in the level of sophistication of cyber-security threats since 1986 when the first known case of a computer virus was reported.
A few years ago, the development and dissemination of malware (viruses, worms, and Trojans) was essentially to demonstrate the technical skills of information technology (IT) professionals.
But today, we are dealing with a new form of organised cybercrime aimed at financial gain, with an expansion of the types of threats to various platforms and countries.
Spam has evolved to become a vehicle for delivering more dangerous payloads such as viruses, worms and Trojans.
Currently these are a means for online financial fraud, identity or trade-secret theft as well as various other forms of cyber-crimes.
When threats to critical infrastructures such as energy, health, transportation, finance, telecommunication, defence and other sectors are taken into account, it is obvious that the situation is likely to get worse.
One of the emerging and rather dangerous trends is the shift in strategy by hackers from the central command-and-control model for controlling botnets to a peer-to-peer model.
The latter has a distributed command structure capable of spreading to computers located in different countries.
This makes it very difficult to pinpoint one geographical location as the origin of these attacks.
Consequently, it makes it difficult to identify them and shut them down.
This shift strategy can also be used to disseminate inappropriate content such as child pornography without the knowledge of the hijacked computer owners that they are hosting and disseminating such content.
The incredible benefits that information technology has brought modern organisations have not come without risks.
These risks vary in size and scope, from revealing new vulnerabilities in our critical infrastructures to enabling new forms of fraud.
Cybercrime revenues are estimated to be approximately two percent of the global economy, larger than the entire global turn-over of the pharmaceutical industry. Estimates put credit card fraud at US$37 billion annually.
A robust market for cyber-insurance would offer several key benefits to society, foremost, a strong incentive to individuals and organisations to take appropriate precautions.
Insurance companies could reward security investment by lowering premiums for less risky actors.
Because insurance companies base their competitive advantage on risk-adjusted premium differentiation, they have an incentive to collect data on security incidents where claims are made.
This makes it inevitable for countries to develop insurance systems which will provide benefits to their citizens, financial sector and opportunities to the insurance sector.
The Common Market for Eastern and Southern Africa (COMESA), the Association of Regulators for Information and Communications in Eastern and Southern Africa (ARICEA) and the International Telecommunication Union (ITU) have already conducted a study on Public Key Infrastructure Protection.
The objective is to come up with frameworks for cyber-security and critical information infrastructure protection (CIIP).
It is also intended to share best practices adopted internationally on similar CIIP efforts and promote a culture of cyber-security besides assessing measures taken in COMESA member states on IT security.
In implementing the programme, COMESA and ARICEA will involve the judiciary system as one of the main stakeholders in order to enforce legislation and regulations
This will require training of both the police and judiciary in collaboration with other regional economic communities.
Strategies for the implementation of cybercrime programme will be developed with the involvement of the public sector private sector and financial institutions, development partners, regional and international organisations to address cybercrime.
In addition the COMESA, EAC and SADC Tripartite must have a regional computer incident response team (CIRT) and public key information (PKI) centers.
These will enable the exchange of information, experience, evidence, registration, certifications as well as enhance awareness and foster the systems. A regional approach is recommended as a means of effectively combating the scourge of cybercrime.
The author is the Secretary General of the Common Market for Eastern and Southern Africa (COMESA) based in Lusaka, Zambia.
High cybercrime calls for insurance
By SINDISO NGWENYA