Shabaya Deche is a hacker but not a cyber-criminal. In fact his kind of hacking is considered ethical for he does so for a good cause.
Mr Deche is one of several hackers and data analysts who have set base at iLab, an incubation hub located at t Nairobi’s Strathmore Business School.
At the hub, he runs Tai SOC, a startup whose team of 20 will hack into your computer network, not to steal data or paralyse your operations, but to determine whether your systems are strong enough to withstand attacks by criminals.
Once they get into the nuts and bolts of how a business is set up, they deploy network censors within its environment, to collect data from strategic systems.
The data is then moved to a cloud platform, which enables them from their security operations centre in Strathmore, to analyse the online status of the business. This is done on a 24-hour basis, with at least two people manning the sites at any given time.
When they realise something is not right, the analysts are able to detect any attack before alerting the affected company’s IT security contacts.
With the data obtained from monitoring online activities, they are in a position to offer threat intelligence on potential attacks.
Mr Deche says no company, big or small, can underestimate risks posed by cybercriminals
“Many businesses, especially small and medium sizes (SMEs), are not technology oriented, and you therefore find them grappling with cybersecurity from the fundamental level,” notes Mr Deche.
“If a bank is having a problem, where we have detected a malware, instead of the same malware hitting another local bank, we can be able to alert those other banks of that potential risk to them.”
The firm has been operating for one year and so far they are working with four clients. They are targeting small and medium sized firms, who lack the wherewithal to hire cyber security personnel or set up infrastructure, be it software or hardware, which they need.
“A complete SOC requires expert staff, carefully selected hardware and software, recurring training, international compliance and a 24/7 operation. This set up proves to be time consuming, expensive and requires significant effort, with little or no pay-off in the long term,” notes Mr Deche.
During Covid-19, when several transactions moved online and cloud technologies were adopted, he says an increasing number of companies which were earlier hesitant about taking up cyber security came to see its importance.
“Traditionally, most focus of cyber security was on banks and saccos. But now, even schools are facing serious cyber-attacks during online classes. The health sector is in need of cyber security because the country is now beginning to adopt telemedicine where a lot of data is stored in the cloud,” notes Mr Deche.
He, however, adds that despite this realisation of how critical cybersecurity is, many companies remain skeptical about adopting the concept because they still consider it as foreign.
“The future lies in the digital space, it lies in technology and innovation. But some clients don’t believe in some of the products we are offering. They want something they can see physically. Selling someone technology they’ve never come across before is not easy,” says Mr Deche.
The tech firm offers businesses solutions that are customised to their needs and set up, but different companies within the same industry can take up a similar solution.
They have also developed a software tool which companies can use to assess the security status of their business on their own. By keying in their websites in the software, a complete scan of the business is done revealing whether or not there are any security threats.
Despite their expertise, Mr Deche says they still face challenges such as insider threats where people who have the privilege of access to internal systems could go rogue and potentially cause harm.
“An attack can originate from the most unlikely sources. Detective work in this case becomes a challenge because these people know the kind of tools you have put in place, and so can easily maneuver,” he notes.
Mr Deche, however, adds that the major problem when it comes to cyber security is the human element, where you may have the best solutions, but if the people do not know how to use them, then you will not be able to achieve a cyber-secure environment.
“It is why we do not just install the system but also insist on training company staff, from the receptionist to the high-level management on cyber security,” says Mr Deche.