Hacktivism: We must urgently raise our game in cybersecurity

A hacker

Hackers breached e-Citizen, the online portal that hosts over 5,000 services from more than 100 government ministries and departments.

Photo credit: Shutterstock

A major hack into government systems on Thursday last week exposed the country’s vulnerability to cyber-attacks. Kenyans could not access public services through eCitizen.

The outage of M-Pesa paralysed operations across many sectors, putting into question the country’s readiness for a full shift towards digital payments. Some KSh29.55 trillion was transacted on M-Pesa in the financial year to March 2022, translating to about KSh81 billion daily, underlining the impact of the service’s disruption to the economy.

A group calling itself ‘Anonymous Sudan’ claimed responsibility for the attack. It describes itself as a hacktivist group and says it is waging cyber strikes out of Africa on behalf of oppressed Muslims worldwide.

This attack has rudely opened our eyes to the dangers of digital technology and our total reliance on it. It has shown us the extent of our vulnerability to attacks on this new front that we have very scarce ability to fight. It has shown us the extent of our shakiness and lack of coherent action against such an elusive foe.

The attack came barely four weeks after President William Ruto launched thousands of government services on the e-Citizen platform to increase efficiency and minimise corruption. It exposed the risks of the digitisation plan, as any successful hacks could lead to the loss of huge amounts of sensitive data.

The government seemed powerless to stop it, given that the country’s top cyber security team had last week warned various agencies that such an attack would happen. The National Computer and Cybercrime Coordination Committee (NC4) recently revealed that it had observed a sharp increase in hacking attempts targeting critical information infrastructure.

A cyber-attack is any intentional effort to steal, expose, alter, disable or destroy data, applications or other assets through unauthorised access to a network, computer system or digital device.

Hackers launch cyber-attacks for all sorts of reasons, from petty theft to acts of war. They use a variety of tactics, like malware attacks, social engineering scams and password theft to gain unauthorised access to their target systems.

This is a cruel lesson for Kenya that must spur us into action. Future wars shall be fought on the cyber front, and we need to be prepared. The effects of hacking can be more damaging and demoralising than some cluster bombs. Hackers can stop the flow of essential services like electricity, water, general communication and economic transactions.

The group that targeted Kenya issued a threat to do even more damage. It would be foolhardy for us to consider this an empty threat, nor should not be lame ducks, sitting pretty and waiting for an impending attack that we have no capacity to stem.

It is time we acted to protect our country’s systems. We have moved too slowly in the field of cybercrime, considering that the NC4 was only constituted a short while ago. While this was a move in the right direction, we need to put more finances and energy into this extremely important sector of our security, including education of tech-savvy youth to help us fight this new brand of crime.

In just the same way that we recruit the police and Kenya Defence Forces personnel annually, we should be recruiting fresh graduates with strong backgrounds in computer technology to form the vanguard of our preparedness for cyberwarfare. We must create a stronger defence to meet attacks and eliminate them long before they have a chance to do any damage.

The attack on our systems should ignite determined effort to ensure that we build secure digital systems. It is a lesson that we ignore at our own peril.