Kenya still struggles with cybercrime

With the region’s first growing tech market Kenya still struggles with cybercrime with limited mechanism to protect itself owing to unlimited skilled personnel to curb the menace.

By Brian Yatich

Cybercrime still poses a great threat to the Kenyan economy, last year alone, over 10 million hacks were recorded with social media becoming one of the primary targets with one in every ten people are attacked by hackers.

With the availability of more digital and internet devices such as cloud-based systems in corporate operations; individuals and companies have become an easy target to cyber-attacks.

According to a recent 2018/19 statistics released by the Communications Authority of Kenya, it shows an increase in the number of cyber threats targeted at Kenya’s cyberspace with over 10.2 million cyber events detected during the quarter as compared to 3.8 million in the previous quarter.

These grave statistics shows that cyber threats have gone up by 168 per cent. A status that is backed up by checkpoint – a live cyber-attack threat map which shows a live feed of hacking that is happening across the globe, posing a worrying trend.

Also during the same period, the regulator issued 12,197 cyber threat advisories of which the bulk was system misconfiguration (9,101). This was a 91 per cent increase compared to the previous quarter.


The report also added that the assaults which were executed through malware including phishing attacks and those done through the exploitation of misconfigured systems increased by 7.1 million and 901 respectively.

Within Kenya, the financial sector is the hardest hit by the attacks with research showing that in late 2018, banks accounted for 18 per cent of the attacks, while payment systems accounted for 10 per cent of the attacks.

Web application attacks including website defacement and illegal access to online applications and Denial of Service attacks which hampered the availability of computer services decreased by 327,682 and 457, 927 respectively.

“During this period under review, 12,197 cyber threat advisories were issued to the affected organizations marking a 91 per cent increase from the advisories sent out to affected institutions in the previous quarter,” the report reads.

CAK also noted that there is an increase in the number of fake mobile application hosted on popular online stores which deliver malware to mobile phones thereby defrauding unsuspecting users.

“There was an increase in cyber-threat globally. In particular, there were rising cases of malware and sale of stolen data and credentials which includes personal data and credit card information,” The regulator says.

Skills Gap

With Kenya’s first growing tech market and looming cyber-crime on the horizon, the country has limited to no mechanism to protect itself from cyber-crime.

It is against that backdrop that companies and individuals are eager to hire cybersecurity experts to guard against those risks. The problem: There are not enough individuals who can fill those roles.

The demand for skilled security professionals is one of the biggest challenges facing the cybersecurity industry today; this has, in turn, spun into a global challenge for every industry.

Microsoft Security Intelligence Report 2018, which looks at emerging cyber-crime trends over the past 12 months estimates that Kenya only houses 1,700 skilled cyber-security professionals, with 60 per cent of companies facing a shortage alluding to a need for more education, exposure, and adoption.

With these grave insights, many institutions lack trained teachers as well as course programs in cybersecurity, this robs students the opportunity to learn critical skills required by security specialists.

Lack of cybersecurity skillsets makes Kenyan businesses an easy target for both local and international hackers, a report by cybersecurity firm Serianu shows indicating that the cost of cybercrime in Kenya in 2018 was Sh30 billion, but organisations could lose more in the coming years because it is not equipped with the necessary tools and techniques to identify and deal with the hackers.

“With the cost of cybercrime increasing every year across Kenya, this is still a challenge to the nation,” the report reads.

The damning report further reveals that Kenya not only has a shortage of highly technically skilled people, but also an even more desperate shortage of technicians who can design secure systems, write safe computer code, and create the ever more sophisticated tools needed to Anticipate, Detect, Respond and Contain Cyber threats.

According to the report, the demand for skilled personnel stood at 10,000 people while the total population of professionals countrywide was less than 20 per cent, at below 2,000.

The report also revealed a weak verification process that was caused by staff with inadequate technical skills, which was potential to exposing the systems to malicious hacking.

A global cyber security report from Vodafone highlights that the more cyber ready a business becomes, the better its overall business outcomes.

Vodafone’s Cyber Ready Barometer notes 48 per cent of cyber ready businesses are reporting more than 5 per cent increases in annual revenue as well as high stakeholder trust levels.

This calls for Cyber readiness in Kenya with a mix of different measures including cyber operations, cyber strategies and resilience, an understanding of risk and employee awareness.