As the push towards online delivery of government services to curb corruption and boost efficiency intensifies, the rate at which cybercriminals are targeting the country’s digital infrastructure is increasing.
According to the Communications Authority (CA) data, Kenya had 860 million cyberattacks in 2023, with the most pronounced one occurring on the eCitizen platform in July.
The attack resulted in delays in passport, e-visa, driver’s licence and identification card issuance, revealing serious vulnerabilities in the capacity to counter cyberattacks.
“The increased uptake of digital tools for payment and service delivery has resulted in more cyber risks, but lack of knowledge among citizens makes it difficult to deter threat actors,” says Clayton Naidoo, a cybersecurity expert working with ICT firm Cisco.
Many Kenyans are not equipped with the skills to counter the actions of cyber criminals, who have adopted more sophisticated techniques to breach systems.
Artificial intelligence
Hackers, for instance, are now leveraging advanced technologies such as artificial intelligence that enable them to bypass security checks without being detected.
Malicious actors are also diversifying their tool arsenal to include mobile malware, either to make money or collect sensitive information, as more Kenyans rely on mobile devices to transact.
“The first point of entry for cybercriminals here would be the mobile phones because there has been a significant surge in usage of these devices. The growth in e-commerce is also real, so there is a need to first address the vulnerabilities at these points,” poses Naidoo.
Human error, he notes, remains a substantial contributing factor to security breaches, with employees not being properly trained or having low awareness of best cyber practices.
According to the latest Cisco Cybersecurity Readiness Index, 86 percent of organisations in Kenya are impacted by a shortage of cybersecurity talent and awareness.
“Leaders must stay focused on embedding security training and understanding within organisations, as this is one of the most effective approaches to reducing the risk of a successful attack,” states Naidoo.
Being a technical field, the use of modern technologies such as virtual reality and machine learning could make it easier to train individuals with limited cybersecurity awareness on best practices.
“If you want to train a government official who is not cyber security aware of best practices, it would not make sense to start by taking them through reference architecture as they would not understand.”
A simple way of experiencing cybersecurity for someone who does not have much of a background on the subject would be through virtual reality.
“You can put on a VR headset and go in to get an idea of how cybercrime takes place,” the Naidoo official explains.
Cisco last week established a Cybersecurity Technology Experience Centre at the University of Nairobi in collaboration with the Information and Communication Technology Authority (ICT Authority) to train people on best cyber practices using modern technologies.
“The escalation of cyber threats demands significant investments in modern technologies to build resilience and strengthen defences. The centre will support organisations in securing digital assets and infrastructure," said ICT Authority CEO Stanley Kamanguya.
At the centre, security teams will also learn how technologies such as artificial intelligence and machine learning can be used to detect potential issues, streamline investigation and improve response time to cyber threats and attacks.
“With AI increasing the pace of change in our work and our lives, there is a need to ensure that communities have the skills to participate and respond to threats,” noted Francine Katsoudas, executive vice president and chief people, policy, and purpose officer at Cisco.
The centre is part of a three-pillar cybersecurity framework that the company has established in partnership with the government of Kenya to address cybercrime.
The first pillar involves educating the public on how to detect, prevent and respond to cyber threats, through a government learning portal, where public servants can access training content from basic to advanced levels.
Cybersecurity agency
“If you look at what needs to be done from a perspective of preventing cybercrime, it starts with education, you need to ensure that the entire population of Kenya is cyber aware,” says John Tanui, the ICT and Digital Economy Principal Secretary.
With the next population boom expected to occur in Africa, Mr Tanui notes that boosting local cyber capacity could enable the country to tap into the opportunity brought about by the growing digital penetration and the ensuing massive data that will reside here.
“As you can imagine, data is the new gold. Technology has the power to equalise potential, what we need to do is provide the right level of economic opportunity to our people. We are in the process of coming up with an agency that will deal specifically with cybersecurity,” says Mr Tanui.
