3.4 Security threats on e-records
3.4.4 Impact of cyberspace
Cyberspace is the digital environment made up of digitised records that are used and shared, through networks and/or including the physical systems, such as computers and databases that enable exchange of information as well as the users who make use of the system (US national association of county and city health offices (NACCHO) 2015; Friedman and Singer 2014).
70
Therefore, the broader reach and impact of cyberspace which is accelerating across national and international boundaries is making it a complex challenge for any government to address issues of e-records security (Ministry of ICT, Kenya 2014; Omotosho and Emuoyibofarhe 2014).
Wamukoya and Mutula (2005) state that inadequate security and confidentiality controls are significant factors contributing to the failure of capturing and preservation of electronic records in Eastern and Southern African educational institutions. Similarly, Myler and Broadbent (2006) posit that information security issues such as cybercrime, privacy, virus attack, and commercial data mining are the major concern to academic institutions. Cybercrime is a term used to describe ICT attacks including viruses. According to the government of Kenya, cyber-attacks are continuously evolving to a great extent faster than cyber defenses (Ministry of ICT, Kenya 2014).
The Ministry of ICT in Kenya (2014) provided a cyber-attack snapshot of sophistication trend from 1980-2014 in Kenya, East Africa and internationally that is presented in figure 7
Figure 7: Trends in Cybersecurity of cyber-attacks from 1980-2014 (Source: Ministry of ICT National Cyber-Security Strategy Report 2014)
Kenya cybersecurity report (2015) observes that cybercriminals have advanced to such a degree that it is almost impossible to detect intrusions without the use of advanced continuous monitoring
71
and detection methods. The hacktivists and crackers manipulate the ICT infrastructure which compromises security leading to corruption or loss of information, misuse or theft of information, identity theft and unauthorised use of client information, they alter, disrupt or destroy sensitive personnel business and government information. Omotosho and Emuoyibofarhe (2014) noted that in an age of identity theft and data snooping, the health care industry has become one of the most sought-after domain by cyber attackers because the transition from paper-based health systems to electronic health records systems has given data thieves compelling reasons to attempt cracking hospital networks due to the value of medical data it contains. Also, viruses (computer programs written by devious programmers and designed to replicate themselves and infect computers and other storage devices by copying themselves into a file and other executable programmes when triggered by the specific event are a security threat to e-records (Khan et al. 2017). Transmission of computer viruses that can affect third parties and lead to potential liability, services interruptions and security breaches that compromise e-records security management are of great concern to organisations including Moi University (Waithaka 2016; Kenya Cyber Security Report 2015).
Lack of antivirus software to scan the computer for malware may lead to loss of e-records (UN NACCHO 2015; Microsoft 2013).
The cybercriminals went a notch high with the introduction of a ransomware virus which encrypts data on infected computers and demands a ransom payment to allow users access worldwide. For instance, between January 2015 and April 2016, the USA was the region most affected by ransomware, with 28% of global infections. Canada, Australia, India, Japan, Italy the UK, Germany, the Netherlands, and Malaysia being among the top 10. The report further indicates that 43% of ransomware victims were employees in organisations (Symantec special report 2016). In 2017, a day described by Yokahama (2018) ‘The day the world cried’ in his publication on business management and cybersecurity, digital resiliency for executives, WannaCry virus attack hit 150 countries where more than 200, 000 computers were infected in less than three days (Microsoft 2017; Yokahama 2018). According to the England National Audit office (2017) on Friday of 12th May 2017, WannaCry which encrypts data on infected computers and demands a ransom payment was released worldwide. WannaCry was the most significant cyberattack to affect the National Health Service in England. Luckily, a significant part of Africa was spared. However, some countries on the African continent were affected, including South Africa, Nigeria, Angola, Egypt, Mozambique, Tanzania, Niger, Morocco, and Tunisia (Kaspersky lab report 2017).
72
Although Kenya was not among countries affected by the WannaCry attack, it lost USD 21 million to cyber-attacks in 2017 alone, while in 2015 and 2016 Kenya lost, USD 150 and USD 175 million respectively (Kenya cybersecurity report 2016). According to a 2016 Kenya cybersecurity survey, there is an increased rate of cybercrime in Kenya. Most of the respondents (70.6%) experienced cybercrime in one way or another; out of these, 34% was through work, while 66% at personal level. Furthermore, network security threats are spread over the internet and are witnessed frequently, while their management is less advanced (Raaen 2017; Kenya Cyber Security Report 2015; Ministry of ICT, Kenya 2014; Mishra 2011; Yeh and Chang 2007). Lack of intrusion protection and detection to monitor network or system activities for malicious and unauthorised activities results to network security threats. These threats may include, but are not limited to, social engineering (obtaining confidential network security information through nontechnical means such as posing as a technical support person and asking for peoples passwords); Trojan horse programs (delivery vehicles for destructive code, which appear to be harmless or useful software programs such as games); access attacks (which exploits network vulnerabilities in order to gain entry to e-mail, databases or the corporate network); denial-of-service attacks (which prevent access to part or all of a computer system) unauthorised access.