Kenya's financial-technology sector has grown over the years but so have cyber criminals, who have devised new tactics that pose a threat to this evolution.
Cyber-attacks are increasingly becoming a constant threat to businesses across the globe particularly in Kenya. The country was ranked 35th most cyber-attacked country globally by Kaspersky in June, with attackers targeting the financial sector and digital infrastructures.
Fintech companies are facing an increasing number of sophisticated attacks, ranging from phishing attempts and data breaches to ransomware campaigns.
The Communications Authority said Kenya has witnessed an alarming surge in cyberattacks, with a staggering 860 million incidents recorded in the past year and 123.9 million cyber threats during the three months to last September.
The regulator expressed concerns over the escalating frequency, sophistication and scale of these cyber threats, particularly targeting Kenya's critical information infrastructure.
The latest attacks targeted Kenya’s digital infrastructure which affected both public and private institutions. Kenya Power and Lighting Company, Kenya Railways Corporation and the National Transport and Safety Authority.
These attacks also affected digital banking and mobile services.
“The first person to blame is where that data is sitting that is data custodians and the second is the customer who lacks awareness,” said Michael Odundo SIB research analyst.
“ As wealth management applications become increasingly popular on mobile and through cloud-based services, attacks such as Distributed Denial of Service (DDoS), ransomware and phishing continue to rise,” read the latest Capital Markets Authority (CMA) soundness report.
The report highlighted how susceptible financial institutions are, as they increasingly depend on emerging technology amidst growing digitisation.
“These vulnerabilities can enable manipulative, illegal and abusive trading practices, increasing the risk of automated rogue trading strategies that could contribute to flash crashes,” read the report in part.
Mr Odundo says hackers have become more vigilant and have devised ways to breach systems and con customers to share personal data. The use of two-factor authentication and sensitisation are some of the strategies fintechs are using to tackle cyber threats.
“Ensuring your data is housed in different data centres, different levels of approval in the case of rogue employees, avoid one person handling all the information,” added Mr Odundo.
Businesses have put in place measures to minimise cyber-attacks like installing firewalls, creating data backups and encryption, reducing attack surfaces and conducting regular employee cybersecurity training, among others.
A recent Kaspersky report said cyber criminals are now sending malicious software to gather data from devices and later send it to third parties and calls for more pointed attention to the threats and rollout of proactive measures to safeguard Kenya’s digital infrastructure.
In the wake of the new threats, Kenyan fintech firms have rallied to fortify their defences against an ever-evolving landscape of cyber threats.
However, the cyber security skills gap continues to inhibit individuals, organisations and government’s ability to find and retain talent.
Experienced cybersecurity professionals are hard to find and expensive to retain.
As a way of addressing this gap, the Kenyan government has made partnerships with various organisations, created cyber security laws and set up a data protection office to ensure the privacy of our data.