Acknowledge weaknesses to fix it

Many leaders spend a lot of time convincing themselves that they do not need help. Most technical people are fond of giving rosy reports

Many leaders spend a lot of time convincing themselves that they do not need help. Most technical people are fond of giving rosy reports about how great things are going. Yet, at the end of the year, when independent reports are in, statistics show that an average company loses about 5% of their annual revenue to fraud, of which cybercrime contributes over 4%!

  1. Statements like “No one broke in.” “Our systems are very secure.” “We cannot be hacked.” “We lose 0% of our annual revenue to fraud and cybersecurity annually.”
  2. Are some of the common lies many leaders hear.
  3. However, without independent security assessment or penetration testing, the assurance may be misleading. According to the Uganda Police annual crime report for 2019, a total of 248 cybercrime cases were reported during the year compared to 198 cases reported in 2018. These cybercrimes resulted in a loss of Ugx. 11.4 billion in 2019 of which Ugx. 51.8 million was recovered. According to our Frontline projects at our premium clients in the past 12 months, on average over 13.4 Billion were lost to fraudsters and only 100.4 million was recovered. Some of the schemes included electronically stealing from a Bank through exploiting unmonitored remote access into core systems like core systems – databases and network monitoring systems which points to the possible involvement of insiders.
  4. In this modern era, high perimeter walls with an electronic fence surrounding the bank building. Well-armed security guards always on guard and look out to stop any unauthorized access into the bank premises, cannot help since the money goes through the telephone networks and not bags carried on the backs of people.
  5. As investigators, we are usually first responders. Clients usually reach out to us at odd hours. And you cannot fail to respond promptly, else you are seen as insensitive.
  6. The evening of 24th December 2018, stuck in my mind. I had just braved a long journey to the village to spend Christmas there when the call came in. Most of the bank staff had gone home. A lot of money had left people’s bank accounts in a very short while. We agreed to instantly put the online delivery channels offline, as I drove back to Kampala for a crisis meeting. To make matters worse, it took a notification of a vigilant customer who received a message of cash withdrawals from her account that the bank leaders woke up to the reality of the loss. Internal systems could not proactively prevent the attempts nor notice it in time.
  7. How much does your organisation lose monthly to fraud and corruption, and of course cybersecurity breaches? If you don’t know the extent of the loss, it could be a red flag that your current controls and systems are inadequate to detect any frauds.

The starting point is to acknowledge that there is always room for improvement. And then you can continuously improve. New attacks and fraud schemes are always being discovered. You must accept and continuously keep improving and raising the bar.

To request a free 30 minutes talk on “Common cybersecurity breaches and attack vectors in East Africa”, contact us. The talk is worth US $1,500 but we shall do it free of charge to your EXCO.

Copyright Mustapha B Mugisa, Mr Strategy 2021. All rights reserved

Share now

Leave a Reply

Your email address will not be published. Required fields are marked *

Related