Cybercriminals stole at least Ksh106 million in 17 months to March 2021 from savings and credit co-operative societies (saccos), a new report has shown.
This translates to Ksh6.23 million per month or Ksh208,000 daily.
The report by financial regulators including Central Bank Kenya and Sacco Societies Regulatory Authority indicates that the losses were mostly through software vendors engaged by the saccos.
“All saccos must now review and enhance their IT security including their service level agreements to ensure that affected saccos are compensated by the vendor in the event of an attack where the vendor is culpable. Saccos are also encouraged to undertake indemnity covers to safeguard against attacks,” says the report.
Currently, saccos hold over Ksh800 billion in deposits from their members, with the threats posing a greater risk to systems that are said to be lacking audits.
According to a reports by cybersecurity consulting firm Serianu, 21 percent of saccos never carry out cybersecurity audits while 48 percent do so once a year.
“Our research indicates that there is increased targeted attacks on Sacco mobile transaction infrastructure. Additionally, weak IT infrastructure is exposing Saccos to attacks,” Serianu said in the report.
The report quoted by Business Daily indicates that 22 percent of saccos do not conduct any due diligence on vendors before engaging them while 58 percent only do background checks on major vendors.