The Nairobi Metropolitan Services(NMS), in a bid to eliminate unlawful approvals, developed the e-construction system. The system is extremely efficient as development plans are submitted and approved online. Further, approved plans will bear a unique QR(Quick Response) code as proof of authenticity of approval.
Unfortunately, in June of 2020, the e-construction system was hacked and 18 building plans were illegally approved. NMS was forced to suspend the e-construction system so as to mitigate its vulnerabilities.
THE WEAKEST LINK IN DATA PROTECTION!
It is said that the hacking of the system was facilitated by the help of an employee within NMS.
This is not a surprise, as a McAfee report on data exfiltration found that people inside organizations caused 43% of data loss and attacks either deliberately or through negligent acts. This goes to show that employees are often the weak link in an organisation’s data security.
BE FIRST OR BE IRRELEVANT?
Understandably, businesses operate in an extremely competitive market. Businesses are forced to employ Guerilla Marketing tactics and offer innovative, cutting-edge technology. In business, you are either first to launch a product or deemed irrelevant!
Unfortunately, technological innovation is often developed and aggressively pushed into the market without any safeguards against cyber threats.
And, while being first may positively reflect on the brand and bottom line, it takes only one cyber-threat to suspend the product, lose brand credibility and spend colossal amounts of money on damage control.
CYBERSECURITY POLICIES ARE THE ONLY CURE!
Organisations should realise that developing tech systems should go hand in hand with developing cybersecurity policies. It is through these policies that your organisation assesses compliance with the law (Data Protection Act) and implements strategies to mitigate cyber-security vulnerabilities. It also deals with the menace of a potential weak link and provides a guideline to employees on access and use of data as well as consequences for breach.
Further, existing policies must be annually updated and audited as technology is continuously changing and hackers are getting smarter.
Cybersecurity policies are, therefore, critical for all organisations. Remember, cyber actors do not and will not discriminate. Both the public and private sectors are fair game. The only way to effectively insulate yourself is having and updating your cybersecurity policies.
DO NOT REACT, BE READY TO RESPOND!