IJSSME

Mobile money services have revolutionized the payment system in Kenya, bringing significant benefits to both the economy and its citizens. However, as the industry has grown and evolved, it has also faced significant cybersecurity challenges that have resulted in financial losses for mobile money providers. Despite investing heavily in security controls and countermeasures, the industry has struggled to keep up with emerging cyber threats. To combat these challenges, mobile money providers have implemented a range of security strategies, from traditional measures like encryption mechanisms and user authentication to more innovative approaches such as API security and deployment of security operations centers. These efforts have been coupled with education and awareness campaigns to sensitize all stakeholders to the risks of cybercrime. Despite these efforts, cyber threats continue to evolve due to emerging technologies taking shape, and new strategies are needed to address them effectively. Therefore, it is essential to continue developing innovative approaches in cybersecurity that go beyond technology and devices to ensure provision of secure and sustainable mobile money services to consumers. By doing so, organizations can build trust in their system and continue reaping the benefits of these transformative and adaptive security technologies. Ensuring cyber resilience is crucial across all aspects of an organization, encompassing people, processes, and technology. This is critical for mobile money service providers because trust and confidence in provision of their services are vital in ensuring a safe and secure environment. To achieve this, a zero trust mature security model can significantly influence these providers. By implementing the principles behind this model, they can create a more secure environment, gain competitive advantage, and offer better measures against cyberattacks and fraud. Therefore, this study aimed to examine the influence of zero trust mature model principles on mobile money providers in their pursuit of cyber resilience. Identity access management was shown to substantially enhance cyber resilience by securing user authentication and access controls. Additionally, cybersecurity operations management were found to positively influence cyber resilience, emphasizing the importance of proactive threat detection, incident response, and robust data protection measures. Collectively, these results highlight the need for a comprehensive approach to cybersecurity, integrating multiple strategies to strengthen mobile money platforms against evolving threats.

Key Words: Zero Trust Maturity Model, Cyber Resilience, Mobile Money Providers, Identity Access Management, Cybersecurity Operations Management

Aiello Samuel (2022). Zero Trust: A Governance Perspective. Retrieved from https://ssrn.com/abstract=4146521 or http://dx.doi.org/10.2139/ssrn.4146521

Ambore and Richardson, et al. (2017). A Resilient Cybersecurity Framework for Mobile Financial Services (MFS). Journal of Cyber Security Technology.DOI.org (Crossref). Retrieved from https://doi.org/10.1080/23742917.2017.1386483.

Aubra Anthony, Nanjira Sambuli, and Lakshmee Sharma (2024).Security and Trust in Africa’s Digital Financial Inclusion Landscape. Retrieved from https://carnegieendowment.org/research/2024/03/security-and-trust-in-africas-digital-financial-inclusion-landscape?lang=en&center=europe

Benoît Dupont (2019). The Cyber-Resilience of Financial Institutions: Significance and Applicability. Journal of Cybersecurity. DOI.org (Crossref). Retrieved from

Bryman, A. (2016). Social Research Methods (5th ed.). London: Oxford University Press.

CISA (2024) Zero Trust Maturity Model: Cybersecurity and Infrastructure Security Agency CISA. Retrieved from https://www.cisa.gov/zero trust-maturity-model

Cisco (2023). Security Outcomes for Zero Trust: Adoption, Access, and Automation Trends. Retrieved from https://www.cisco.com/c/dam/en/us/solutions/collateral/security/zero trust/zero trust-outcomes.pdf

Craig, T., & Ludloff, M.E. (2011). Privacy and Big Data: The Players, Regulators, and Stakeholders. Published by O'Reilly Media, Inc.,1005

De Groot, J. (May 21,2024). What is data encryption? (definition, best practices & more). Digital Guardian. Retrieved from https://www.digitalguardian.com/blog/what-data-encryption

Dell (May 22, 2024) Cyber Resilience -Cyber Protection. (n.d.). Retrieved from https://www.dell.com/en-us/dt/learn/data-protection/cyber-resilience.htm

DesignRush (2024).Retrieved from https://www.designrush.com/agency/cybersecurity/trends/user-authentication

Downs, M. (2024, February 12). Cyber resilience for identity and access management. Evolving Solutions. Retrieved from https://evolvingsol.com/identity-and-access-management-cyber-resilience/

Flanigan, J. (2018). Zero Trust Network Model. Tufts University: Medford, MA, USA. Retrieved from https://www.cs.tufts.edu/comp/116/archive/fall2018/jflanigan.pdf

Government of Canada (2022). Canadian Center for Cyber Security: A zero trust approach to security architecture (ITSM.10.008). [Publication]. Retrieved from

Gurdip Kaur, Ziba Habibi Lashkari, Arash Habibi Lashkari (2021) Understanding Cybersecurity Management in FinTech; Challenges, Strategies, and Trends. Springer Charm.

https://doi.org/10.1093/cybsec/tyz013

Lloyd, J. (2023). BeyondCorp. In: Infrastructure Leader’s Guide to Google Cloud. Apress, Berkeley. CA. Retrieved from https://doi.org/10.1007/978-1-4842-8820-7_29

Maricus Otieno Mayunga (2019).Developing and Assessing A Cyber-Resilience Framework For Kenyan Banks.

MarshMcLennan (2024).The State of Cyber Resilience – Asia and Global insights. Retrieved from https://www.marsh.com/my/services/cyber-risk/insights/the-state-of-cyber-resilience.html#sizetracker

Martin Walter (2024)Data insecurity: Building resilience in the face of cyber threats. (n.d.). Retrieved from https://www.rubrik.com/blog/technology/24/2/data-insecurity-building-resilience-in-the-face-of-cyber-threats

Maya, G. (2021, August 13). Backup and recovery policy - Protect Your Data with a Documented Plan. ITSM Docs - ITSM Documents & Templates. Retrieved from https://www.itsm-docs.com/blogs/security-management/backup-and-recovery-policy

Mercy W. Buku & Rafe Mazer (2017). Brief Fraud in Mobile Financial Services: Fraud in Mobile Financial Services: Protecting Consumers, Providers, and the System. CGAP Publication.

Mugenda, O. and Mugenda (2008).Social Sciences Research: Theory and Principles. ART

Ömer Aslan, Semih S.Aktuğ, et.al (2023). A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions. Retrieved from https://www.mdpi.com/2079-9292/12/6/1333.

Patrick Van Eecke,Yasmin Roland (2024).Building Cyber Resilience in the Financial Services Sector: New Rules in Europe. Retrieved from https://cdp.cooley.com/building-cyber-resilience-in-the-financial-services-sector-new-rules-in-europe/

Phil Robinson (2023).Retrieved from https://www.architectureandgovernance.com/elevating-ea/is-zero-trust-achievable/

Positive Technologies (July 28,2023). Cybersecurity threatscape of African countries 2022–2023.Retrieved from https://www.ptsecurity.com/ww-en/analytics/africa-cybersecurity-threatscape-2022-2023/

Presence Secure (2024).Retrieved from https://www.presencesecure.com/zero-trust-to-cyber-resilience/

PricewaterhouseCoopers (2024). Digital identity at the heart of cyber resilience and experience. PwC. Retrieved from https://www.pwc.com.au/cyber-security-digital-trust/digital-identity.html

Rogers, E. M. (2003). Diffusion of Cybersecurity Operations Management s, 5th Edition (5th ed.). Free Press.

Rose, S., Borchert, O., et.al (2020). Zero Trust Architecture, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD. Retrieved from https://www.nist.gov/publications/zero trust-architecture.

Sarkar, Choudhary, et al. (2022). Security of Zero Trust Networks in Cloud Computing: A Comparative Review. Publication. Retrieved from https://doi.org/10.3390/su141811213

Shepherd, Cody (2022).Zero Trust Architecture: Framework and Case Study; Cyber Operations and Resilience Program Graduate Projects. Retrieved from

https://scholarworks.boisestate.edu/cyber_gradproj/1

Shorna Broussard Allred & Amy Ross-Davis (2011).The Drop-off and Pick-up Method: An Approach to Reduce Nonresponse Bias in Natural Resource Surveys.Publication.DOI:10.1007/s11842-010-9150-y

Yale School of Management Case Study (2024).Retrieved from https://workshop1.cases.som.yale.edu/mpeso/background/mobile-money

ZenGRC (2024).Threat, Vulnerability, and Risk: What’s the Difference? Retrieved from https://reciprocity.com/blog/threat-vulnerability-and-risk-whats-the-difference/