How a Kenyan IT Firm Was Hacked and Millions Were Stolen
I recently read an article about a Kenyan IT firm, Craft Silicon, that experienced a security breach resulting in the theft of millions of shillings. The breach happened around June 2018. It was traced to a keylogger that was allegedly installed on the company’s M-Pesa server by one of its software developers, Gideon Kabaru.
The keylogger allegedly allowed Kabaru to steal the passwords of other employees and access the company’s financial systems. He then allegedly used this access to initiate fraudulent transactions, transferring millions of shillings to various M-Pesa accounts.
The breach was eventually discovered by Safaricom, which alerted Craft Silicon. The company quickly conducted an audit of its systems and confirmed the theft. Kabaru was then summarily dismissed, and he sued the company for wrongful termination.
However, the court found in favor of Craft Silicon, ruling that Kabaru was indeed responsible for the breach. The judge noted that the forensic audit report did not exonerate Kabaru, but simply stated that it was not possible to pinpoint the individual responsible for the fraud because multiple usernames were used.
This case highlights the importance of conducting regular audits of your IT infrastructure and implementing strong cybersecurity policies. By following these steps, you can help to protect your company from cyber attacks. Here are some key measures that organizations can learn from the Craft Silicon breach:
- Implement the principle of least privilege. This means giving employees only the level of access they need to do their jobs. This will help to reduce the damage that can be caused if an insider misuses their access.
- Use strong passwords and enforce password rotation. This will make it more difficult for attackers to gain access to systems and data.
- Monitor employee activity. This will help to identify suspicious activity, such as unusual logins or access to unauthorized data.
- Educate employees about cybersecurity best practices. This will help employees to identify and avoid phishing attacks and malware.
- Have a robust incident response plan in place. This will help to ensure that the organization is prepared to respond to a security breach.
In addition to these general measures, there are also a number of specific measures that can be taken to protect sensitive systems. For example, organizations can implement two-factor authentication, segregation of duties, and user behavior analytics.
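The case above involved stolen passwords and, per the audit, multiple usernames, so one simple user behavior analytics check is to correlate successful logins by source host rather than by account. The following is an added example, not code from the article or from Craft Silicon; the log format, host names, account names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source host, username, result.
# The format and every value here are invented for this example.
SAMPLE_LOG = """\
2018-06-04T09:01:12 ws-014 alice OK
2018-06-04T09:03:40 ws-022 bob OK
2018-06-04T21:14:05 ws-031 carol OK
2018-06-04T21:19:47 ws-031 dave OK
2018-06-04T21:26:30 ws-031 erin OK
2018-06-05T09:02:10 ws-014 alice OK
2018-06-05T13:30:00 ws-031 carol FAIL
"""

def parse(log_text):
    """Yield (time, host, user) for each successful login line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        ts, host, user, result = parts
        if result == "OK":
            yield datetime.fromisoformat(ts), host, user

def shared_source_alerts(log_text, window=timedelta(minutes=30), max_users=2):
    """Return {host: sorted usernames} for hosts where more than max_users
    distinct accounts logged in successfully within one sliding window."""
    by_host = defaultdict(list)
    for ts, host, user in sorted(parse(log_text)):
        by_host[host].append((ts, user))
    alerts = {}
    for host, events in by_host.items():
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) > max_users:
                alerts.setdefault(host, set()).update(users)
    return {h: sorted(u) for h, u in alerts.items()}

if __name__ == "__main__":
    for host, users in shared_source_alerts(SAMPLE_LOG).items():
        print(f"ALERT {host}: {len(users)} accounts from one source: {users}")
```

Keying the alert on the source host keeps the evidence tied to a machine even when several usernames appear in the transaction records.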
By implementing these security measures, organizations can help to protect themselves from insider threats. However, no security measure is perfect, so it is important to take a layered approach to security and to be vigilant in monitoring for suspicious activity.
What do you think? What other measures do you think organizations can take to protect themselves from insider threats? Let us know in the comments below.
Here are some additional tips that readers can share in the comments:
- Have a clear and concise security policy. This will help employees to understand what is expected of them in terms of cybersecurity.
- Create a culture of security awareness. This means encouraging employees to be aware of the risks of cybersecurity threats and to report any suspicious activity.
- Test your security measures regularly. This will help to ensure that your security measures are effective and that they are being followed correctly.
By following these tips, organizations can help to create a more secure environment and protect themselves from insider threats.
The Craft Silicon case study is a reminder that no company is immune to insider threats. By taking steps to implement the security measures outlined above, organizations can help to protect themselves from these threats and keep their data safe.