East African banks are on high alert following reports of cyber-attacks using zero-day vulnerabilities said Fabian Kasi, managing director at Centenary bank and chairman of Uganda Bankers Association in an exclusive interview with SCMagazineUK.com.
According to Kasi, most IT security experts in Ugandan and East African banks have been alerted to a new wave of attacks and are expected to bring the situation under control.
“We are already taking measures to tackle the threat by alerting and training staff as we also plan to procure necessary equipment to help us protect our banks,” he added.
A zero day is an attack through a yet unknown vulnerability, meaning that whoever is unfortunate enough to be subject to one has zero days to fix it.
“It is true, we have received reports of cyber-attacks using zero-day (vulnerabilities) in InPage publishing software but we are yet to confirm the magnitude of the damage,” said Godfrey Mutabazi, the executive director of Uganda Communications Commission (UCC).
According to the Central Bank of Kenya (CBK), strict measures have been put in place to address cyber-security risks in the sector citing the recent order of a full ICT Security system audit for all banks and insurance operators.
“We are involving regional police in this to strengthen our systems against the attacks as we also privately share information about these cyber-threats and vulnerabilities with other firms, IT analysts and government agencies,” said Njaramba Kanani, the information security officer at Chase Bank Kenya.
“More threats are expected which means that addressing such problem should not just be technologically-driven but more from a risk management and threat-led approach.” Control Risks' head of compliance, forensics and intelligence for East Africa, Patrick Matu said.According to Control Risks' Resilience Survey 2016-17, launched in Nairobi last week, almost half of top firms in Africa see cyber-crimes as a key concern in their businesses.