As countries seek to enhance efficiency by adopting technology and scaling up opportunities in the digital economy, one of the key risks that is emerging is cybersecurity.
There have been growing cases of cyber-attacks, mainly targeting public sector organisations, which are seen as more vulnerable due to the slow pace of building strategies and deploying tools to protect such entities.
Kenya suffered a high-profile cyber-attack on the government's eCitizen platform in July 2023, which saw access to over 5,000 services from ministries, county governments, and agencies paralysed. This tested the cybersecurity and resilience of the rapidly digitalising country, which has also increased reliance on mobile money to pay for government services on the eCitizen platform.
The attack was classified as Distributed Denial of Services (DDoS) and no data was reported as lost or compromised.
According to the Communications Authority (CA), Kenya recorded 860 million cyber-attacks in 2023 compared to 7.7 million six years ago. There is a surge in the frequency, sophistication and scale of cyber threats targeting the country’s critical information infrastructure. Of these attacks, 79 percent were a result of cyber criminals exploiting vulnerabilities in organisations to gain unauthorised access to computer systems.
Malicious software accounted for 14 percent of the attacks, while Distributed Denial of Services (DDoS) accounted for 6.5 percent followed by attacks targeted at web applications. The most targeted sectors in Kenya are financial services, healthcare, education, energy and utilities, as well as government agencies.
To address the threat, Kenya developed a National Cybersecurity Strategy, 2023-2027, which provides for a unified approach in the implementation of cybersecurity activities.
The Strategy’s objective is to build a secure and resilient cyberspace through a coordinated approach while maximising the benefits of a digital economy.
Cybersecurity threats pose risks to individuals, businesses, and even governments since they can lead to data breaches, financial loss, reputational damage, and service disruption. Kenya was ranked among the top three most targeted countries in Africa in 2023 ahead of Nigeria and South Africa.
Several institutions have experienced cyber-attacks putting their reputation at risk, underscoring the need to develop robust and adaptive cybersecurity strategies to address the evolving cybersecurity threats.
Despite the promise of creating many jobs for the youth and enhancing operational efficiency in both the private and public sectors, the scaling up of the digital economy in Kenya, has increased vulnerability due to advancement in technology.
The emergence of Artificial Intelligence (AI) as an important cog in the global technology ecosystem has opened new vulnerabilities. This is because AI has become widely available to the public through open-source chatbot systems like ChatGPT, which create content from simple prompts.
According to the UK's National Cyber Security Centre, AI will make it easy for amateur cyber scammers to conduct phishing attacks using fake emails that appear genuine. The result is expected to be more convincing fake emails, free of poor grammar and spelling mistakes, including phishing messages, that trick recipients to reveal account passwords or personal information.
By 2025, generative AI and language models will make it difficult to assess, regardless of the level of cybersecurity understanding, whether an email or password reset request is genuine. Ransomware attacks are also expected to increase as AI makes it easier for amateur cybercriminals and hackers to target victims and access sensitive information or even paralyse their systems.
The World Economic Forum’s Global Cybersecurity Outlook 2024, produced in collaboration with Accenture, shines a spotlight on the widening cyber inequity and the profound impact of emerging technologies. According to the report, a stark divide between cyber-resilient organisations and those that are struggling has emerged.
The cyber inequity is worsened by the unique threat landscape, industry regulation and early adoption of innovative technology by some organisations and nations. Other barriers include the rising cost of cyber services, tools, skills and expertise, which influence the ability of the global ecosystem to build a more secure cyberspace.
The increased dependence on technology to facilitate transactions post-COVID-19 across the globe makes the situation worrisome.
In recognition of the danger posed by the growing cyber inequity, there is an urgent need to pursue a coordinated global approach to establish a minimum cyber resilience standard, which countries lagging behind need support to meet.
This is with the recognition that nations operating at the highest standard are still vulnerable due to the dependence on technology to facilitate transactions in an increasingly interconnected world.
The author is the Chief Executive Officer of Fanisi Online Ltd.