We all know that if you leave your keys in the car, or cash by an open window, or a credit card on the table of your favourite bar, then you are asking for trouble. You just don’t do it, particularly in Nairobi where opportunist theft is at a peak.

But what about your computer?

Sure, you can keep it in the house, under lock and key, or carry it in a secure laptop bag to work, but there is always a chance you may be burgled or have the bag snatched, you’ll lose circa sh60000 worth of kit, and be very annoyed, but it can and does happen.

The computer itself has a value to an average thief, a bit like a flat screen TV or a hifi system, but unlike the latter two your computer has a secondary value, which, depending on the circumstances could be way, way higher than the value of the item itself.

On a personal level, if you have made an online payment, have a Paypal account or records of your passport, banking accounts or credit cards, or personal correspondence you would not want anyone else to see, then you could be in for a big shock. In the right (wrong?) hands all of this information is retrievable, even deleted files. In the hands of a cyberthief, you may well find your bank accounts emptied and credit cards maxed out, be blackmailed over the illicit affair you’re conducting over the ‘net or have your identity cloned and sold to someone in another country… Now ask yourself “what is the real value of my computer?” That 60k bob seems the least of your problems.

Ok that was just a ‘minor’ case, at a personal level, now lets escalate the problem.

You are the manager of a medium sized trading company, have a network of computers and servers, and hold the account details of 10,000 customers….but, you say, ‘No problem!..we back up data every day and keep the drives in a fireproof safe, we have our servers in strongrooms, the office is guarded 24/7 and our staff have all been vetted for honesty….’

It doesn’t matter, you have already been burgled, the burglar was silent, invisible, and stole those 10000 accounts whilst you were watching your screen, he even used your keyboard to do it, and within a nanosecond he was 4000mls away.

Your company is sued for $10m compensation by your customers, and your reputation goes from 100% to Nil overnight.

How it happens (anecdotally, that is)

‘Over in the Ukraine a hacker known as Blackhat* was getting fed up with life. He could no longer crack the security of the huge multinationals based in the States, and stealing files from the CIA had lost its fun factor and anyway didn’t pay the bills, so he decided to look ‘down market’. Smaller companies have less security in general, and lesser developed societies don’t have the money to spend on costly procedures and software etc. So thinking laterally Blackhat sent a web crawler to Nairobi to find breeches in security amongst trading companies. Slipping in through a hole in the firewall Blackhat installed a small undetected program on the server of our victim which gave him access to the network, passwords, accounts, and even the network keyboards. A few keystrokes later in the Ukraine, and the whole of the victims Nairobi database had been copied and transferred. After a hard nights work Blackhat had made his fortune by plundering the 10000 stolen accounts, and went to sleep, dreaming of his new Mercedes and which nightclubs he could now afford to go to….’

Ok this is just a story made up by ourselves. But there are some serious issues at stake.

The first issue is the “silent killer” problem. A bit like high blood pressure and diabetes; being connected to the internet can be symptom free for years before it catches you out.

A Cyber-thief does not appear in the room with a mask and a gun, alarm bells don’t ring and lights don’t flash. But by being connected to the internet you join the world’s biggest community, and like all communities not everyone has good intentions. As eCommerce has grown so too has the incident of Cybercrime, the only problem is you can’t see, hear or feel it happening. The psychology of this ‘invisibility’ makes many people not recognize its existence.

Next is the ‘keys in the car’ problem. A silly thing to do, but no more so than running a computer on the internet without virus protection, without a firewall, or with an out of date operating system. Without these basics you may as well hand your keys to the cyber-thief because our lurking Blackhat, can easily get into to your computer and drive away with its contents, you left the door open, the keys in, and our Blackhat is not bashful…

The third issue is growth. In a conversation with a Nairobi systems man two years ago we were told that Cybercrime is not much of a problem in Kenya yet. His prediction was that once the internet had grown to a certain size and speed then we’d see a marked growth in Cybercrimes…well that time has now come to Kenya.

And timely as it is, PricewaterhouseCoopers (PwC) have published their dossiers on the problem, both worldwide and in Kenya. There are two documents (which can be downloaded), “Cybercrime: protecting against the growing threat. Global Economic Crime Survey” and “A step ahead: Economic Crime in Kenya”.

In the latter, PwC note that of the Kenyan companies responding, 22% had already reported incidents of Cybercrime, which is close to the worldwide figure, but noted that Kenyan companies tended to leave the problem to IT departments, rather than embracing the more holistic management approach which they advocate:

“Only after an incident occurs do half of respondents in Kenya consult an external expert, according to the survey, and 14% of Kenya respondents (19% in Africa and 15% globally) report that their senior executives do not consider cybercrime a risk at all, a worrying admission in light of recent incidents that have been covered in the media”

The overall view is that Kenya is very much on a par with he rest of Africa in terms of its ability to tackle Cybercrime and both are slightly behind the rest of the world in general awareness and abilities. But do remember that PwC tend to deal with larger wealthier companies who by and large are better equipped to deal with these management and technical matters.

Another survey by Trendlabs titled “Small Business is Big Business in Cybercrime” indicates the problems we referred to in our Blackhat story….companies with lesser security make easier pickings…ie leaving the ‘keys in the car’ is not a good policy.

Both PwC and Trend have solutions for their allotted markets so whether large medium or small we’d recommend you read these documents.

For the individual we’d recommend these precautions.

Finally, if you want some consolation read this from the BBC …its a list of some of the worst computer security blunders, not necessarily Cybercrimes, but equally as bad, and mostly by Government bodies and individuals (who should know better) and whether in horror or amusement…realize it can happen to anyone…