According to our recent Liquid C2 report, The Evolving Cyber Security Landscape in Africa cyberattacks on Kenyan businesses increased by 82 percent in 2022.
Within the same period, 90 percent of the businesses reported some form of a data breach, with phishing and SPAM the most prominent threats.
The statistics don’t end there. The National Kenya Computer Incident Response Team Coordination Centre found more than 143 million cyber threat events in just three months in 2021, and the Kenya National Bureau of Statistics found, in the Economic Survey 2023, that the number of reported crimes more than doubled to 700 million in 2022 — that’s a million threats a day.
The Kenya Data Protection Act penalises organisations that have had customer data or personally identifiable information leaked or stolen, especially if they have not embraced cybersecurity specific to data protection, and it does not discriminate between the SME or the enterprise.
Recovering from a successful attack is expensive in terms of downtime, reputational damage, potential legal costs, and a loss of trust across customers and partners.
Some attacks, such as ransomware, also prevent businesses from accessing critical data, bringing the entire operation to a halt until the ransomware has been removed.
Many companies opt into paying the ransom, and this adds even more zeroes to the cost of an attack.
What many SMEs also don’t realise is that when their systems are compromised, the data they hold can be used to orchestrate more profitable attacks — the hackers use the information to gain access to other organisations, especially those that do business with the initial victim such as suppliers or customers.
There has to be more training, awareness and visibility into the risk of cybercrime and the importance of investing in a solid cybersecurity strategy.
SMEs need to know how the risks stack up and what they can do to protect themselves. They also need support that’s relevant to their size and their budgets so they can safeguard their digital assets, protect sensitive information, and limit the impact of any breaches.
A robust and reputable cybersecurity strategy will not only cut the risk of a cyberattack but also make it easier for the SME to recover if an attack occurs.
It will also ensure the SME is compliant with regulations so that an attack doesn’t come with the sting of fines and bureaucratic complexity.
Cybersecurity prevention needs not to be costly. Strong passwords with multi-factor authentication, training that educates staff on the risks and how to identify them, regularly updated software and systems, security patches, and backups are all low-cost but important investments in a solid cybersecurity strategy.
An antivirus software and firewall are essential, as is investing in cyber security solutions designed specifically for SMEs.
The cost of these solutions is not excessive and will ensure that companies can perform with agility and security on the digital stage.
Cyber security in Kenya is paramount in today’s evolving digital economy. If businesses are to safeguard themselves against hackers and cyber syndicates, the first step is ensuring that they have the right tools at hand.
And these tools can be provided within Liquid C2’s Managed Security Service Portfolio, which includes the Liquid C2 Cyber Security Fusion Centres in Kenya, South Africa, Zambia and Egypt.
The centres unify all security functions across threat intelligence, security automation, threat response, orchestration, incident response and more into a cohesive unit that meets the very direct needs of the business.
The goal of Liquid C2’s Cyber Security Fusion Centres is to provide companies with a trusted and innovative partnership that provides enhanced threat detection alongside empowering organisations to manage the risks and remain compliant.
The writer is the Executive Head of Cloud and Cybersecurity at Liquid Intelligent Technologies.