INTERNET FRAUD

Kenya second in Africa on cyberattacks

It experienced 32.8 million attacks in the first six months of the year, report shows.

In Summary

•Nigeria had the highest number of attacks totaling  61.7 million while South Africa recorded 31.5 million.

•Kenya recorded an increase of 15.9 per cent compared to a similar period last year.

Cybersecurity/
Cybersecurity/
Image: FILE

Kenya incurred the second highest cyberattacks in Africa after Nigeria ,latest report by Kaspersky shows.

According to the report, Kenya experienced 32.8 million attacks in the first six months of the year.

Nigeria recorded 61.7 million while South Africa recorded 31.5 million.

Kenya, South Africa and Nigeria have all shown significant annual growth in the number of threats targeting companies and users when compared to the same period last year.

Kaspersky recorded a 24.6 per cent increase in attacks in Nigeria, followed by South Africa with a 16.6 per cent and Kenya with a 15.9 per cent increase, respectively.

“Threats can be categorised as criminal (80 per cent of attacks), targeted (19.9 per cent), and advanced (0.01per cent). The advanced grouping is significantly more sophisticated and feature increased investment from attack groups,” said Amin Hasbini, Head of Research Centre, Middle East, Turkey and Africa.

Hasbini added that unfortunately, both criminal and targeted threat vectors learn from the advanced category to enhance their own attack techniques.

They are embracing more sophisticated methods to compromise systems and data.

They are looking at non-Microsoft environments, infecting firmware, and even embarking on ‘big game hunting’ exercises focused on high-profile targets with lots of money.

The most dominant threat actors on the continent identified by Kaspersky include Lazarus, DeathStalker, CactusPete, and IAmTheKing.

Ransomware has also become a significant threat vector targeting users and organisations locally.

When looking at future predictions, Kaspersky notes that ransomware development will continue.

“Our research shows that the most threatened industries common across these three countries are government and telecommunications, with diplomatic, education, and healthcare also being cause for concern,” Hasbini said.

He added that they have also seen large service-oriented organisations being targeted, for instance, telecommunications, because of the services they provide to high-profile companies.

In addition, they have seen cyber attackers are using these as platforms to gain access to other businesses.

Furthermore, Kaspersky warns of 5G vulnerabilities, targeted ransomware gangs using generic malware, and more disruptive attacks along with more money demands, threatening and blackmailing. 

“This will also result in increased collaboration between these cybercriminals and cyber gangs as they look at more effective ways of achieving their objectives. Different gangs will also start specialising in tools and other methods to better advance penetration,” Hasbini said.

He added that as people and companies rely more on technology, the number of threats will continue to increase. People must accept the risks of living a connected lifestyle and embrace the technology and tools available to safeguard themselves.

SOFT TARGETS

Small and Medium Enterprises are increasingly becoming the new targets for cyber criminals due to their lack of a cyber security strategy, according to experts at Dimension Data. 

A recent Central bank of Kenya report showed that SMEs lost Sh106 million in 17 months with attackers targeting weak controls of the systems given minimal verification of members’ identity as many worked remotely as part of the Covid-19 preventive measure.

“The impact of these breaches is detrimental to the operations of the business, a disruption that small businesses cannot afford in the current climate,” said Bright Mawudor, Dimension Data's Head of Managed Security Services for East and West region.

Saccos also experienced similar challenge that is detrimental to their businesses.

Dimensions data has launched a cybersecurity solution targeting SMEs. It will provide affordable security services aimed at helping SMEs establish a cybersecurity strategy.

This will include security design services, incident response with management, governance risk and compliance and cybersecurity assurance services.  

Mawudor said that they will also carry out real life demonstrations and proof of concepts for endpoint security, cloud posture and threat intelligence solutions for early detection to cyberattacks.

Majority of the SMEs have adopted cloud solutions to assist in the day-to-day running of their businesses since they have digitally transformed.

They were challenged to adopt a unified security architecture that ensures it is delivered as a platform with secure integrated security controls and centralised management.

“It is critical that owners of these businesses educate themselves on the risk of non-compliance when it comes to security protocols,” Henry Bett Senior Cyber Security Solution Architect, Dimensions Data said.

According to the Kenya National Bureau of Statistics (KNBS), SMEs contribute at least 70 per cent of new jobs. It also accounts for 33 per cent of the country’s Gross Domestic Product (GDP)