Strategies for Mitigating E-Business Information Security Threats

Kirui Kipronoh
Department of Information Technology
Moi University, Kenya
Email: kipronoh.kirui@gmail.com

Abstract: The rapid growth of electronic commerce has made information security a critical concern for businesses operating online. This study examines security challenges and mitigation strategies in Kenya’s tour and travel e-business sector, where sensitive customer data and financial transactions are particularly vulnerable to cyber threats. Through a mixed-methods approach incorporating surveys of 57 Nairobi-based e-tourism businesses and interviews with 28 ICT security professionals, the research identifies significant gaps in current security practices. Findings reveal that 96.4% of respondents acknowledge deficiencies in their information security measures, with viruses and malware (60.7%), human error (28.6%), and system vulnerabilities (17.9%) emerging as the most prevalent threats. Particularly alarming is that 85.7% of surveyed businesses operate without a formal security framework. The study evaluates various mitigation strategies, including technological solutions, employee training programs, and policy frameworks, with particular focus on adapting ITIL principles to the e-business context. Results demonstrate that a comprehensive approach combining technical controls with organizational policies and staff awareness yields the most effective protection against security threats. The research concludes with recommendations for developing context-specific security frameworks that address the unique challenges of e-business operations while remaining adaptable to evolving cyber threats. These findings contribute both to academic discourse on information security and to practical strategies for e-businesses in developing economies.