Kenyan firms were hit with 37.1 million cyber-attacks, between October and December 2019, according to data from the National Kenya Computer Incident Response Team Coordination Center (National KE-CIRT/CC).
Communications Authority’s (CA) Quarter 2 statistics report in the ICT industry covering the period of October -December 2019, it represented a 47.3 percent rise of the crimes reported compared to 25.2 million registered in the second quarter that started in July, ending in September 2019.
CA in its report attributes this to “… an exponentially high number of malware threats detected, as demonstrated by an increased number of cyber threat advisories issued during the quarter.”
This forced the CA to issue 16,637 advisories to the affected companies which were a decrease in the number of advisories the authority had issued in the last quarter.
“During the quarter under review, we issued advisories which are a 2.8 percent decrease from the 17,127 advisories sent out in the previous period of July-September 2019,” the report further indicates.
The Capital Markets Soundness second quarter 2019 report also said that Cybercrime is the biggest challenge to financial markets whose potential economic costs can be immense and damaging to public trust.
Consequently, the 6th edition of the Cyber Security Report by Serianu Limited emphasized that cybersecurity skills shortage is worsening in Kenya amidst the raising cases of breaches.
Serianu Limited estimates that Kenya needs at least 10,000 cybersecurity professionals to keep abreast with the number of organisations in need of this critical skill.
In a policy brief, ‘Kenya’s Cybersecurity Framework: Time to up the Game!” by the Kenya ICT Action Network (KICTANet), a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation, calls for the establishment and implementation of an effective policy, legal and institutional framework to anticipate, detect, respond and combat cyber threats and build resilience in the country.
Authored by Grace Githaiga, Co-Convenor, KICTANet, and Victor Kapiyo, Partner Lawmark Partners LLP, note that cyberattacks evolve faster than cyber defences in the frequency, scope, and sophistication.
“The surge is attributed to a number of factors. these include insufficient technical training of employees, an increase in the number of homegrown cybercriminals in Kenya, a low level of awareness and insufficient training of law enforcement.”
They also state that there is a failure by most organizations and companies to install system updates, patches and firewalls, low levels of security awareness amongst the public, lack of regulatory guidance from industry regulators and government.
The brief finds out that it takes 260 days to detect an attack in a typical organization. Further, 91 percent of cases o unreported and only 2.9 percent of the reported cases are prosecuted.
“This state of affairs raises fundamental questions on the effectiveness of the existing policy, legal and institutional framework to address the cybersecurity challenges that the country is experiencing,” they state.