A Framework for Assessing the Insider Threat in Parastatals in Kenya

Abstract

Kenyan parastatals have been slow to address the insider threat problem. Nationally, recent industry surveys provide evidence that the Kenyan Banking sector followed by Kenyan Public institutions have been the hardest hit by insider attacks. Billions of shillings have been lost through insider attacks whether malicious or accidental. The main objective of the study was to select and test an appropriate framework for dealing with the insider threat problem in Kenyan public institutions. In addition, the study was expected to advantage the Government of Kenya and its parastatals to help them mount a substantive proactive defense program against insider threats. The study utilized a case study strategy since it investigated phenomena within its real-life context. This method also provided comprehensive grounds for generalization of data for illustrating statistical findings. Data was gathered through structured questionnaires which contained closed-ended questions. Data was then coded and tabulated to facilitate data analysis and subjected to various analyses to test hypotheses. The main finding in this study was that controls and countermeasures of well over half of Kenyan parastatals interviewed do not have viable mitigation strategies against the insider threat problem because there were no corporate plans to counter insider threats. Consequently, sequential layers of Application, Data and Information which rely on corporate policies, have standalone controls that do not refer to the organizational policies and procedures therefore, there was no pointer to the extent of security and controls needed to be implemented at these layers. The study recommends that Kenyan Parastatals should customize their mitigation strategies according to their organizations’ goals which will enable a multi-tiered insider threat plan of action so as to tailor individual organizations’ countermeasures and policies to meet its unique needs by continuous monitoring, analyzing and auditing all network, user, system activity and policy enforcements to identify abnormal behavior and usage patterns.