Kenya’s cooperative financial sector is entering one of its most vulnerable periods of the year, with the Sacco Societies Regulatory Authority warning Saccos to brace for a spike in cyberattacks during the Easter holiday window.
According to Kabui Mwangi, the regulator has issued a directive urging heightened vigilance, pointing to a clear pattern: cybercriminals tend to strike when oversight is weakest—during long weekends and public holidays.
Why Holidays Are Prime Time for Cyberattacks
According to Sasra as reported by Kabui Mwangi, Business Daily, threat intelligence shows that most cyber breaches occur in the hours leading up to and during extended holidays such as Good Friday, Easter Monday, and Labor Day.
More specifically, attacks often happen:
- In the final 12 hours before the holiday begins
- During late evening and early night hours
This timing is not accidental. Reduced staffing, slower response times, and relaxed monitoring create opportunities for attackers to exploit system vulnerabilities.
As a result, Saccos are now being urged to treat holiday periods as high-risk operational windows rather than downtime.
Digital Growth Comes With New Risks
Over the past decade, Kenya’s Saccos have rapidly digitized their services. Many now offer mobile banking, digital loans, ATM access, and integrations with mobile money platforms.
While this shift has improved convenience and expanded financial inclusion, it has also widened the attack surface.
Systems most at risk include:
- Mobile banking platforms
- Pay bill accounts
- ATM networks
- Web-based applications
- Third-party integrations
In particular, reliance on external vendors has emerged as a key vulnerability. Even if Sacco’s internal systems are secure, linked platforms can provide entry points for cybercriminals.
Mandatory Measures: What Saccos Must Do
To counter the rising threat, Sasra has introduced strict requirements aimed at strengthening cyber resilience across the sector.
Saccos must now:
- Conduct regular offline backups of critical data
- Implement a 24-hour real-time system monitoring
- Establish rapid-response cybersecurity teams
- Strengthen internal controls to prevent insider threats
- Ensure third-party vendors meet equivalent security standards
Additionally, the regulator has made it clear that accountability lies with the institutions. Any losses linked to weak third-party arrangements will be borne by Sacco officials.
This marks a shift toward stricter enforcement, as regulators move to close gaps in operational risk management.
Insider Threats Add Another Layer of Risk
Beyond external hackers, Sasra has raised concerns about insider involvement in cyber incidents. Employees with system access can, in some cases, collude with external actors.
Therefore, Saccos are being directed to enhance internal surveillance and control mechanisms. This includes monitoring unusual transactions, access patterns, and system activities—especially during off-peak hours.
