There's a funny corporate culture that I have observed in Kenya that could shed some light on why local IT systems appear so vulnerable: TALENT COMMODITIZATION.
Take the banking industry, for example: I recall a while back seeing some chatter on Twitter about how big brands UNDERPAY key IT staff (i.e. the hands-on technical staff like sysadmins / app admins / dbadmins & devs) in order to "save" on manpower costs. In this day and age that is not an intelligent thing to do.
Others assume that outsourcing to India will magically solve for costs, quality and security. I have worked on projects with "world-class" offshore teams and what I saw was a minefield of HIDDEN COSTS if you don't have your own savvy supervisory / QC team.
Then there are the "contract fixes everything" fanatics. Contracts mean nothing if you can't detect shoddy work - and if going to court after the fact is almost impossible given risks of PR blowback (in image-sensitive industries). In many cases such contracts are just for CYA (avoiding blame or passing audit reviews).
Some tradition-heavy institutions still put IT under Finance directors / VPs or GMs instead of having IT representation at board level. This makes it hard for IT to push back on top-down "spreadsheet inspired" directives. You don't increase shareholder value by setting up your critical functions for downstream failure (or putting the entire org at risk just to hit annual growth targets).
Beefing up the Infosec unit is pointless if the underlying architecture is full of holes. There is only so much duct taping that can be done. Worse if that team is underpaid as well.
It's also interesting that many local companies don't have a "specialist path" for technical talent advancement. This limits the political/decision-making clout for technical talent as well as limiting their personal growth. Hopping / side hustling / track switching (e.g. to management) is the end result.
These mistakes have cost the financial industry (for example) a whopping 17 BILLION in potentially avoidable losses (and still counting).
So much for HR "cost savings". :-/
I think the Infosec crisis in Kenya is just a SYMPTOM of bigger "organisation and culture" issues - and short-term thinking is right at the heart of it.
"Financial institutions in Kenya have recently become a soft target for cybercriminals, with police records showing that they lost about Sh17 billion to the fraudsters in 2016, up from Sh14 billion in 2015."
https://mobile.nation.co.ke/business/Police-probe-130-bank-cyber-fraud-susp…
Hi all,
Please share our call for applications for this year's Internet of
Rights fellowship. The deadline for applications is Friday, 24 February.
Thank you!
-Mallory
===
Download the call: https://share.article19.io/index.php/s/f9SzmAYzBizdMg5
# Call for Applications: ARTICLE 19 Internet of Rights Fellowship
ARTICLE 19 Team Digital is looking for three new fellows to join the
2019 cohort of the Internet of Rights Fellowship.
Since 2014 ARTICLE 19 has been a pioneer in the technical governance and
evolution of the global Internet, bridging the knowledge gap within the
technical and human rights communities. In doing so, ARTICLE 19 has
carved out a key platform for civil society engagement in these bodies;
however, there remains the need for greater, more diverse, and more
sustainable civil society participation.
In its third year, the Internet of Rights Fellowship will equip a
diverse community of civil society organizations and their
representatives with the tools they need to carry out long-term,
influential engagement in the bodies setting the technical policies and
standards that uphold the global Internet architecture.
Fellows will be expected to have some working knowledge and experience
with the technical and policy discussions across the Internet governance
landscape. Under the guidance of their assigned mentors, they will
develop a deeper knowledge of their target issue area and the skills
necessary to meaningfully contribute to discussions in order to further
human rights considerations in Internet governance bodies. By the end of
the program, fellows will be well equipped to continue developing a
robust approach to human rights within these technical communities
beyond the life of the program.
# The Fellowship
The Internet of Rights Fellowship program is designed to be flexible and
dynamic to account for each individual’s skills, interests, and
experience. Prospective fellows are encouraged to be creative in their
approach. Upon selection, fellows will work with ARTICLE 19 Team Digital
to elaborate upon their work plan, develop a schedule, and identify
potential deliverables. Beyond lending structure to the fellowship, this
exercise is intended to give our team insights into how we may best
support each individual.
The 2019 Internet of Rights Fellowship will start in March and last for
one year, during which time fellows will work closely with their
mentor—a designated member of our team—on one of the following priority
areas:
* Algorithmic decision making: This is a technical track on which
fellows will complement our policy work on algorithms, artificial
intelligence and machine learning to address how algorithmic
decision-making can be guided by international human rights law.
Algorithms fellows may work on developing research, and/or work in both
established and emerging spaces, like the Institute of Electrical and
Electronics Engineers (IEEE) and the Partnership on AI (PAI).
* Public Interest Internet Standards: This is a technical and policy
development track on which fellows will contribute to Article 19's work
at the Human Rights in Protocols Considerations Research Group of the
Internet Research Task Force (IRTF), or in developing novel technical
methods for measuring human rights aspects of existing Internet
Engineering Task Force (IETF) standards.
* Radio Network Hardware: This is a technical or humanities track in
which the fellow will complement our policy work by studying specific
standardization projects ongoing in either the IEEE 802 LAN/MAN
Standards Committee (LMSC) or the Third Generation Partnership Project
(3GPP). The fellowship has the goal of uncovering hidden effects on
human rights of technical choices at the lowest layer of Internet
architecture: hardware. Fellows may be given the task to assist ARTICLE
19 representatives with things like Letter Ballots, technical reviews
and attending standardization meetings.
Each Fellow will be expected to participate in three Internet
governance-related meetings over the course of the year. Costs incurred
during participation in meetings and conferences as part of this program
will be covered by the Fellowship. Fellows will also receive a monthly
honorarium of USD 300 over the duration of their fellowship.
# The Fellows
Fellows are expected to commit to an average of eight hours per week
engaging in forum-specific discussions, participating in working groups,
and completing projects. The program will be conducted entirely in
English; therefore, fellows must have written and spoken proficiency in
the language.
For all priority areas, the ideal fellow will have:
* Technical competence, which may include knowledge and experience in
computer networking and protocols, systems design, and architecture
* Prior experience contributing to Internet governance fora, and/or
in-depth knowledge of their target body
* A clear commitment to protecting and promoting human rights and
Internet freedom.
Applicants from the Global South, women, and other under-represented
groups are encouraged to apply.
# Application Submissions
The deadline for applications is Friday, 24 February 2019. Interested
applicants should submit the following to fellowship(a)article19.org:
* Curriculum vitae
* Statement of interest, indicating priority area and proposed work
plan (maximum of two pages)
* Contact information of two references
Questions can be directed to fellowship(a)article19.org
--
Mallory Knodel
Head of Digital :: article19.org
gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
--
Mallory Knodel
May First/People Link :: mayfirst.org
gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780