Cybercriminals are more commonly targeting unsuspecting corporate users in Kenya as a way to compromise corporate systems.
During the first half of 2021, 29 percent of corporate organizations in Kenya experienced financial malware attacks, a new report has revealed.
According to the Kaspersky report, organizations in Kenya have become susceptible to financial malware as more employees work outside the relative safety of the corporate network.
It noted that although the overall number of financial malware attacks in Kenya has decreased in the first half of 2021 when compared to the same period in 2020, 29.3 percent of the 7,962 attacks recorded in the country targeted corporate users, which is a cause for concern.
“As local businesses have continued to adjust to remote work scenarios and the rest of the circumstances surrounding the COVID-19 pandemic, we have continued to witness cybercriminals using this to their advantage, exploiting the situation however they can,” said Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa.
It is evident from the stats that cybercriminals are more commonly targeting unsuspecting corporate users in Kenya as a way to compromise corporate systems.
The normalization of a distributed workforce makes ensuring the protection of the personal endpoint devices of people, who need to access back-end systems to continue performing their job functions, that much more critical.
In addition to securing these devices, cybersecurity training of employees remains a key component to defend against the growing scourge of financial malware that uses phishing techniques to target individual users.
Mr. Opil added that financial phishing has become one of the most popular tools used by cybercriminals to make money since it does not require much investment or technical expertise from a hacker and can be propagated quickly.
“In most cases, successful scammers win access either to the victim’s money or data that can be sold or otherwise monetized. For any business, this points to how important it is to address one of the weakest links in the cybersecurity chain – that of the individual user. It also signifies the importance of remaining vigilant from a cybersecurity perspective, especially during difficult operating conditions,” he explains.
Some of the best practices that must be employed include having employees only install applications from reliable sources, such as official app stores. Even so, they must always examine the permissions the application requests.
If these permissions do not match the intended function of the program, then they must be questioned and brought to the attention of the IT administrator. Companies and consumers alike must also install trusted security solutions on all devices connecting to the Internet, to help safeguard against a range of financial cyber threats.
The same goes for ensuring that all software has the latest security patches and updates installed.
Beyond the fundamental cybersecurity solutions and training, companies must also consider using the likes of anti-advanced persistent threat (APT) and endpoint detection and response (EDR) technologies to further shore up the defensive posture of their network environment.
“With the landscape unlikely to change for the foreseeable future, it is best to combine sophisticated cybersecurity solutions with continuously evolving training to keep employees apprised of the latest threats especially when it comes to financial malware,” concludes Opil.