Nearly all cyber threats and attacks detected between July and September went unresolved, the latest communication sector statistics show.
Communications Authority’s
first quarter report for 2018/19
shows the National Cybersecurity Centre detected 3.82 million cyber threats, a rise from 3.46 million reported between April and June.
The threat exposes many Kenyan companies, institutions and co-operative societies to the risk losing billions of shillings.
Within the review period, the banking sector remained the most targeted industry followed by government institutions.
The CA report indicates that only 0.17 per cent ( 6,384 ) of the total threats were determined as critical, validated and escalated for action.
While this was an increase from the previous quarter where 2,613 cases were
validated and escalated, it is relatively low compared to the increasing number of cases.
These range from malware attacks, system misconfigurations, web application, botnet, online fraud, online impersonation and online abuse attacks.
Cyber security consulting firm Serianu’s boss William Makatiani said the attackers bust internet networks to gain access to critical information and shut down business operations.
This
is besides fleecing unsuspecting individuals and organisations of money. Cases of system misconfiguration that made computers and networks vulnerable and susceptible to cyber attacks were
2,548.
Malware attacks were 1.84 million, but only 1,478 cases were validated. Web applications attacks stood at 1.06 million with only 828
validated.
Online impersonations were 196 while online abuse 158. It estimated that Kenya has only 1,600 certified professionals who can effectively deal with such attacks explaining why a small number of threats was responded to.
Information, security and forensic expert at USIU Stanley Githinji said there is still
a huge skill gap in cyber security in Africa. In Africa, the report estimates the total professionals in the Cyber security field at only 10,000.
More than 90 per cent of organisations in the country operate below the cyber security poverty line which exposes them to risks.