It is always thought cybercriminals target big companies in order to demand ransom running into millions. However, recent trends show that hackers are shifting their focus to small online businesses mainly because they are vulnerable.
These SMEs and payment portals are now facing an increased risk of cyber attacks, experts have warned, on wide usage of mobile payment solutions.
“Cybercriminals are now targeting small businesses more as they have realized that these enterprises do believe they would be exposed due to their comparatively low turnovers until they lose their data and payments are compromised,” Agora Group co-founder and chief executive officer (CEO) Hadi Maeleb said.
Over the recent past, financial institutions, State agencies, healthcare, energy and utilities have faced mounting cyber-attacks on the adoption of e-commerce platforms.
Speaking during the inaugural Africa Cybersecurity Congress held in Nairobi, Mr Maeleb said the threats to online businesses were growing at an exponential rate as more than 90 percent of business owners are unaware that their enterprises are at risk.
The Communications Authority of Kenya's third-quarter data — between January to March 2022 — showed that a total of 79.2 million cyber-attacks were reported, promoting the government to issue 28,848 advisories in an attempt to curb the rising attacks.
Mr Maeleb noted that there is no silver bullet to cybercrime and business owners should invest in cybersecurity tools.
"Unfortunately for them, the business of cybercrime has evolved to a point where attacks like ransomware are now sold as a service,” he said.
“This ‘democratization’ of cyberattacks is expected to push losses due to business interruption, financial theft, personal data breaches and even ransom payments over the Sh4 trillion mark by end of 2022,” he added.
After President Uhuru Kenyatta imposed tough lockdown measures such as social distancing, online learning, and working from home, the adoption of digital solutions such as e-commerce, remote working and banking went up as Kenyans turned to online platforms to curb the spread of the coronavirus.
Whereas these measures accelerated the adoption of digital platforms, they also increased vulnerability such as data breaches, ransomware, cyber bullying, harassment, data breaches, and phishing attacks.
With more than 1 million local businesses running online, Mr Maeleb said this creates an attractive environment for threat actors.
Kenya’s ICT Policy which came into effect in 2006, is credited for creating an enabling environment for the growth and usage of technology.
To achieve Kenya's Vision 2030 goal of regional ICT hub, the tech sector was expected to contribute directly and indirectly to an additional 1.5 percent to Kenya’s GDP by 2017/2018.
The usage of digital platforms, however, exposes users to safety and security concerns.
To address the problem, Safaricom and Huawei in March partnered with Swahilipot to train University in cybersecurity.
Communications Authority acting assistant director innovation, research and development Gilbert Mugeni said Kenya has a major cybersecurity capacity gap, with more than one-third of organisations struggling to find competent experts.
With the number of certified cybersecurity professionals being low, companies have been forced to scramble for the few cyber security experts.
A survey covering the period between 2013 and 2021, done by global cyber researcher and publisher Cybersecurity Ventures, says the number of unfilled cybersecurity jobs grew from one million to 3.5 million globally.
“There is a shortage of cyber analysts in the country and on a larger scale globally. The Covid and post-Covid period shook the cybersecurity ecosystem and there is an overall feeling that the cybersecurity skills gap has actually increased,” said Samuel Keige, head of SOC Presales Engineer at Revere Technologies Limited.
The task of the National Computer and Cybercrimes Coordination Committee, which was established to coordinate cyber activities and be the central point of contact for all matters cybersecurity in Kenya, is to rally all stakeholders to prioritise cybersecurity and adopt a proactive approach when dealing with cybersecurity matters.
This is because policy gaps in key areas persist, including fostering creativity and artistic expression, lack of an infrastructure sharing policy, industry code of practice, continued information sharing and low network integrity.