An evaluation of the perceived effectiveness of proactive and reactive strategies in mitigating cyber crime against banks in Kenya
Date
2016
Authors
Too, Dennis Kipkorir
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
The increase in reported losses from cybercrime in the banking industry as a result of
the shift to e-banking underscores the importance of finding an effective strategy to
mitigate cybercrime. This research set out to identify an effective solution to
cybercrime in the banking industry by identifying a set of variables that if controlled
will provide managers with a means to abate cybercrime. The objective was achieved
by establishing the relationship between the frequency of cyber-attacks and the
strategies employed by Kenyan banks to mitigate cybercrime. Questionnaires and
interviews were administered to the managers of the IT and internal audit
departments of the banks operating in Kenya as at December 2014. A Likert scale
was used to capture the frequency of cyber-attacks from the managers and the
strategies adopted to mitigate cybercrime. Simple and multiple regressions were then
applied to the mean responses to establish the relationship between the frequency of
cyber-attacks and the strategies employed. Findings indicate that all 14 previously
identified cyber- attack methods were present with varying degrees of frequency. The
research established that attacks by viruses, spamming, phishing, adware, worms,
spyware and Trojans were experienced on a daily basis by some banks. The highest
occurrence of ATM card fraud and, DOS was weekly while attacks by Vishing,
SMSishing, botnets and hacking occurred most frequently on a monthly basis. Key
loggers had the least frequency of occurrence with most of the banks not attacked.
The study found all the banks in Kenya are at different stages of implementing both
proactive and reactive strategies as measures against cybercrime. The responses
indicated a partiality towards proactive strategies with less than 4% having not
implemented any of the previously identified proactive strategies. Regression
analyses established both strategies have a negative relationship with the frequency
of cyber-attacks. Further, the paper determined reactive strategies to have a higher
negative relationship to frequency of cyber-attacks than proactive strategies. The size
of the bank was established to have a positive relationship to frequency of attack.
This was achieved despite the effort curtailed by less than 100% response rate. The
study provides a basis for future research into cybercrime in the banking industry
especially on the effectiveness of strategies employed. Further, the research offers
impetus for a study on threats from the insider and a view of cybercrime from the
customer's perspective.
Description
A Thesis submitted in partial fulfillment of the requirements for the degree of Master of Commerce
Keywords
Cyber crime, Cyber security, Banks, Kenya, Security, Strategies