© 2013 IBM Corporation

IBM Security Systems

1 IBM Security Systems © 2013 IBM Corporation

Information Systems Security - Implications for Government

Alex KioniMSc, CISSP, CISM, CEH, ITILv3Security Systems Lead Technical ConsultantCentral, East & West Africa Region

IBM Security

© 2013 IBM Corporation

IBM Security Systems

2 IBM Security Systems

Data from the Banking Fraud Investigations Department (BFID) indicate that financial institutions reported Sh1.5 billion (~ $17.6million) was stolen from customers’ accounts in the year to April (2013).

Businesses in Kenya are experiencing numerous cases of insider threat including data leakage and insider fraud.

Poorly designed and insecure web applications expose Government and local financial institutions to possible compromise and defacement by cyber criminals.

Automated attacks targeting Government & organizations in Kenya are going undetected due to poor detection and prevention methods.

Local Trends

© 2013 IBM Corporation

IBM Security Systems

3 IBM Security Systems

Cyber criminals are selling stolen credit cards issued by Kenyan banks online for $10 US dollars.

Kenya has a higher percentage of malware infected PCs compared to global averages.

Kenyan ISPs have poor IP reputation scores leading to email and web traffic getting blocked.

There is evidence of botnet activity originating from Kenya presenting the greatest threat to critical infrastructure and corporate networks.

© 2013 IBM Corporation

IBM Security Systems

4 IBM Security Systems

© 2013 IBM Corporation

IBM Security Systems

5 IBM Security Systems

Accused of stealing $3,791,329.05 (Sh328, 644,155.17) on July 8 at the Standard Chartered Bank head office.

© 2013 IBM Corporation

IBM Security Systems

6 IBM Security Systems

Cyber criminals are selling stolen credit cards issued by Kenyan banks online for $10 US dollars.

© 2013 IBM Corporation

IBM Security Systems

7 IBM Security Systems

Businesses in Kenya are experiencing cases of insider threat including data leakage and insider fraud

© 2013 IBM Corporation

IBM Security Systems

8 IBM Security Systems

$45 millionAmount stolen in 10 hours in ATM-withdrawal sprees on Feb. 19-20, 2013

40,500Total ATM withdrawals

27Countries where ATMs were raided in the operations, including Kenya

The "Unlimited Operation"

Hundreds of people involved in 27 countries without using a gun or bomb threat, or even setting foot inside a bank lobby.

© 2013 IBM Corporation

IBM Security Systems

10 IBM Security Systems

© 2013 IBM Corporation

IBM Security Systems

11 IBM Security Systems

The explosion of digital information and integrated infrastructure makes the Government and its agencies ripe for technology security breaches.

The chances of breaches in Government are, in fact, even greater and more varied than they are in private business and industry.

Not only does the federal government provide repositories for civil, state and defense secrets but we are in the process of integrating sensitive personal data such as citizen tax information, citizen registration, business registration, assets databases, and land registry.

It also maintains vast technology infrastructures that run its operations and programs.

Theft of government and citizen information or a cyber attack that compromises the ability to conduct government business can have serious and far-reaching consequences.

Government

© 2013 IBM Corporation

IBM Security Systems

12 IBM Security Systems

ibm.com/security