About 88 per cent of cyber threats and attacks were not responded to as at December 2017, latest regulator data shows.
Recorded at 4,589 cases of cyber threats and attacks reported in the October to December 2017 quarter, only 539 threats identified as the most critical were resolved.
This means that Kenyan companies and institutions stand to lose billions of money on cyber attacks as they are exposed to Cyber security risks.
The regulator reported that system misconfiguration, malware attacks and online impersonations were the most experienced threats in the country.
Cases of system misconfiguration that made computers and networks vulnerable and susceptible to cyber attacks were reported to be 187.
Malware attacks were 140, indicating growth of malicious activities through this method. They were followed closely by online impersonations that stood at 104 attributed to the heightened political and electioneering environment during the period under review.
The threats were analysed and validated by the national computer incident response team. The CA report follows the fifth edition of the Kenya Cyber-Security Report 2017 also released last week by ICT and Business consulting firm Serianu.
The Serianu report showed that the country lost Sh21 billion on the attacks in 2017 alone. The loss was second to Nigeria which lost Sh64.9 billion and more to that of Uganda and Tanzania which lost Sh990 million and Sh670 million respectively
It estimated that Kenya has only 1600 certified professionals who can effectively deal with such attacks. This probably explaining why only less that 20 per cent of the threats were responded to by the computer incidence response team. In Africa, the report estimated the total professionals in the Cyber security field at only 10,000.
Information, security and forensic expert at USIU Stanley Githinji lamented the huge skill gap in cyber security in Africa.
“The huge skill gap is a result of having academic programs that are not addressing industry’s needs. Although more students are choosing to pursue STEM degrees, many of these programs have a retention problem,” Githinji said.
He said going forward, institutions should develop their own hands-on training programs that are more relevant to industry’s needs as opposed to providing cyber security certifications in partnership with certification bodies.
In addition, it is reveals that over 90 per cent of organisations in the country operate below the cyber security poverty line which exposes them to risks, while 96 per cent of incidents go unreported.
Within the review period, Banking sector remained the most targeted industry in Kenya followed by governments institutions.
Serianu CEO William Makatiani said most of the attacks are aimed at gaining access to critical information, shut down business operations and fleecing unsuspecting individuals and organisations of their hard earned money.