Kenyan Companies at Risk of Losing Billions on Cyber Attacks

Kenyan companies and institutions are at risk of losing billions to cyber-attacks as a result of Cybersecurity risks.

Latest data from the Communication Authority shows that approximately 88 percent of cyber threats and attacks were not responded to as at December 2017. Of the 4,589 threats and attacks reported between the October and December 2017 quarter, only 539 threats were considered critical and were dealt with.

According to the regulator, malware attacks, online impersonations and system misconfiguration were the most predominant in the country.

The number of recorded malware attacks were 140, online impersonations 104, and system misconfiguration leading with the highest number at 187. Prolonged electioneering period and heightened politics were attributed to the online impersonations.

In early April 2018, the ICT and Business consulting firm Serianu released the fifth edition of the Kenya Cyber-Security 2017 Report. It showed that Kenya lost 21 billion shillings on the cyber-attacks in 2017 alone. Nigeria came second losing 64.9 billion shillings and more to that of Uganda and Tanzania which lost 990 million and 670 million shillings respectively.

Estimations show that Kenya is under skilled with only 1600 certified professionals who can effectively resolve cyber-attacks. It is no wonder that less than 20 percent of the threats were responded to by the computer incidence response team. In fact, according to the report, Africa has approximately 10,000 professionals in the field.

“Academic programs in Kenya do not cover the industry’s needs, which is why we have such a huge gap. Even though lots of students are opting for STEM degrees, many of the programs can hardly retain them,” Information, security and forensic expert at USIU Stanley Githinji lamented.

He also advised that to handle the issue, institutions should develop exclusive programs that provide relevant skills to cater to the industry’s needs as opposed to focusing on providing cybersecurity certifications in partnership with certification bodies.

Currently, more than 90 percent of organizations in Kenya operate below the cybersecurity poverty line which exposes them to risks. A total of 96 percent of the threats and attacks go unreported.

The banking sector remained the most targeted industry in Kenya within the review period followed by governments institutions.

“Most of the attacks are aimed at gaining access to critical information, shut down business operations and fleecing unsuspecting individuals and organizations of their hard earned money,” said Serianu CEO William Makatiani.