Spot on Patrick,

Information and Communications Technology is quiet misunderstood. No
wonder for the longest time ever Gartner always reported the fact that
only 30 % of ICT projects always succeeded in the long term.

Regards

On 2/1/19, Patrick A. M. Maina via kictanet
<kictanet@lists.kictanet.or.ke> wrote:
> There\’s a funny corporate culture that I have observed in Kenya that could
> shed some light on why local IT systems appear so vulnerable: TALENT
> COMMODITIZATION.
> Take the banking industry for example, I recall a while back seeing some
> chatter on twitter about how big brands UNDERPAY key IT staff (I.e. the
> hands on technical staff like sysadmins / app admins / dbadmins & devs) in
> order to \”save\” on manpower costs. In this day and age that is not an
> intelligent thing to do.
> Others assume that outsourcing to India will magically solve for costs,
> quality and security. I have worked on projects with \”world-class\”  offshore
> teams and what I saw was a minefield of HIDDEN COSTS if you don\’t have your
> own savvy supervisory / QC team.
> Then there is the \”contract fixes everything\” fanatics. Contracts mean
> nothing if you can\’t detect shoddy work – and if going to court after the
> fact is almost impossible given risks of PR blowback (in image sensitive
> industries). In many cases such contracts are just for CYA (avoiding blame
> or passing audit reviews).
> Some tradition-heavy institutions still put IT under Finance directors / VPs
> or GMs instead of having IT representation at board level. This makes it
> hard for IT to push back on top-down \”spreadsheet inspired\” directives. You
> don\’t increase shareholder value by setting up your critical functions for
> downstream failure (or putting the entire org or at risk just to hit annual
> growth targets).
> Beefing up the Infosec unit is pointless if the underlying architecture is
> full of holes. There is only so much duct taping that can be done. Worse if
> that team is underpaid as well.
> It\’s also interesting that many local companies don\’t have a \”specialist
> path\” for technical talent advancement. This limits the political/decision
> making clout for technical talent as well as limiting their personal growth.
> Hopping / side hustling / track switching (e.g. to management) is the end
> result.
> These mistakes have cost the financial industry (for example) a whopping
> 17BILLION in potentially avoidable losses (and still counting).
>
> So much for HR \”cost savings\”. :-/
> I think the Infosec crisis in Kenya is just a SYMPTOM of bigger
> \”organisation and culture\” issues – and short term thinking is right at the
> heart of it.
> \”Financial institutions in Kenya have recently become a soft target for
> cybercriminals, with police records showing that they lost about Sh17
> billion to the fraudsters in 2016, up from Sh14 billion in 2015.\”
> mobile.nation.co.ke/business/Police-probe-130-bank-cyber-fraud-suspects/1950106-4959008-12vounp/index.html
>