Kenya’s largest retailer by branches, Naivas, has assured its customers that its systems are secure after it was hit by a ransomware attack.
“Naivas regrets to announce that alongside many corporates and organisations in and outside Kenya, we have been the victims of a ransomware attack by an online criminal organisation (Threat Actor),” Willy Kimani, Chief Commercial Officer, said in a statement.
“This unlawful intrusion may have compromised some of our data. Naivas has contained this attack, and our systems are secure and our operations are normal.”
Naivas data theft notification, posted by @naivas_kenya (#NaivasKikapuKibonge) on April 23, 2023: pic.twitter.com/H1a1sRMP88
Ransomware attacks use security flaws to encrypt systems and lock their owners out until a ransom is paid.
Willy disclosed that they had been made aware that the Threat Actor has claimed to have stolen some of their data and is alleging that this may be published in due course. “We and law enforcement agencies are monitoring this closely. Naivas has also informed the Office of the Data Protection Commissioner Kenya of this incident.”
“Naivas would like to confirm that we do not hold any credit card/debit card information on our systems and that such payment information is handled securely and protected through Secure Sockets Layer (SSL) encryption.”
Cybersecurity does not only involve the protection of systems and technology but also extends to the all-around protection of users, their intangible values, physical security, and ensuring non-disruption of their daily critical activities, according to “A study paper on human-centered cybersecurity: Kenyan Fintech sector.”
The Kenya ICT Action Network (KICTANet) has emphasised the need for companies and organisations to implement a digital resilience structure.
Digital resilience is the ability of an organization to rapidly adapt to the changes that come through upfront business disruptions by taking advantage of the digital capabilities and solutions available to restore the continuity of its operations and capitalize on the changed conditions for growth.
According to KICTANet, as security, safety, reliability, privacy, and data ethics become increasingly intertwined, many organizations and companies have not prioritized digital resilience as a critical aspect of their work.
A digitally resilient organization or company needs to have:
- Software management systems in terms of updated financial applications, legitimate software, backups, antivirus, VPNs, cyber hygiene, and good authentication practices
- Financial policies that allow for continuity of ongoing concerns in times of change and investing in proper IT systems
- Leadership that is aware of the need for a proper IT budget and staffing
- Training and capacity to sensitize staff on the need for digital resilience
- Proper audits that consider threat analysis and sources of assistance in the event of an incident