Local organizations are yet to appreciate the concept of security on their information assets. Teqlink Solutions in conjunction with the Kenya Institute of Management (KIM) organised a two day IT Security conference aimed at creating awareness of how the organizations in the region are prone and vulnerable to hackers’ attacks especially with the introduction of optical fiber networks. Discussions revolved around system attacks and the need for organisations to plan early for recovery and rollback systems, the legal framework on cyber security and identity theft which is becoming major concern in the market.
“An organization is secure until when people know they exist," says Evans Kahuthu, the facilitator and Security specialist from Teqlink Solutions.  "With the various cables connecting the country being lit up, the intensity of attacks will increase as the country is connected to the world,” he continued. Kahuthu said Kenya as a country has just woken up to an increased perimeter of attacks which is as a result of careless behavior that leaks personal information to hackers who in turn use this information in malicious ways.
Hacker’s secrets
Participants at the forum had a chance of hearing from Johnny Long, the Founder of Hackers for Charity,  a foundation geared towards empowering kids in Uganda to acquire ICT knowledge. Long is a world renown hacker who in his past 15 years has hacked into systems of various institutions including the US military. Long discussed various simple things such as giving detailed information to websites that are unknown, which allow easy use of search engines like Google to search and hack into systems. By executing Structured Query Language (Sql) injections through search engines, details such as social security numbers, banks details can easily be obtained. “Many of the organization are having too much exposure through unsecured and unencrypted network connections; this provides loop holes for hackers to sniff information out of the systems,” says Long.
According to Long, hacking is not just done on a technological platforms. Simple lock picking, shoulder surfing, dumpster diving, watching things left inside vehicles provide access to important information one could never imagine. Just as having strong gates and guard dogs in our homes, and still have strong grills on window pens, similarly, organizations should invest in data leak proof products for the local area networks and the wide area networks. This is a form of indepth defense to an organisation's information assets.
“Organizations should foster continuous network monitoring procedures, on their networks to detect intrusion into the systems, train employees on various ways to prevent identity theft,” says Lucy Munga, the Information Technology Risk and Assurance Leader Ernst and Young, Kenya. She discussed identity theft as being the next liability corporates are facing and how to manage this risk.
There is no security because of obsecurity, people in the information industry tend to assume without the physical connection to the internet, their servers are secure, well, a simple wi-fi connection may provide a connection that will cause equal damage.