Over half of firms operating the .co.ke web domain, mostly small and medium enterprises, experienced heightened cyber attacks in the three months to September in the latest sign of how local companies are under relentless attack from hackers.
The Communications Authority of Kenya (CA) in its latest review shows over 50 percent of the 87,800 firms that own the .co.ke reported password breaches and insider threats, which also affected other companies with domains such as .com.
Overall, cybercrimes related threats in the country rose 199 percent to 278 million in three months to September with small firms reporting the highest incidents.
The period also saw a 169 percent surge in cyber threats advisories issued by the CA to stand at 5.3 million while data and internet subscriptions grew 1.5 percent to 48.4 million.
The country’s increasingly digitised economy buoyed by deep reach of handheld devices that link mobile money through telcos and banks, has exposed Kenya as a highly prone target for online fraud, with banks losing hundreds of millions of shillings every year.
CA estimates that during the quarter ending December 2020, Kenya’s economy lost in excess of Sh35 billion after reporting over 56 million cyber threats which was a 59 hike from the threats detected in the previous quarter.
A Visa Global Risk Investigations report last month showed that cybercriminals are now shifting their targets to physical points of vulnerability as in-person commerce resumes to pre-Covid levels.
According to the report, card-present threats such as physical skimming on ATMs and point-of-sale terminals increased 176 percent during the 12-month period to December 2021.
“As in-person commerce returns to pre-pandemic levels, crooks are back to exploiting the physical points of vulnerability in stores, while continuing to capitalise on e-commerce through malware, ransomware and phishing attacks, among others,” said Visa Chief Risk Officer, Paul Fabara in October. Digital commerce, which was vastly accelerated by the pandemic remains the richest target for cyber-attacks.
Widely circulated links promising free airtime, money and other products have been used in phishing attacks to collect personal data and use it to siphon cash.
The sector watchdog has in the past advised users to choose applications and plug-ins carefully as most backdoors hide inside seemingly benign apps and plugins.
For protection against cyber criminals, experts advise that one creates unique and strong passwords that have a mix-up of numbers, letters as well as special characters.
Additionally, users are urged to install anti-malware software to provide cover with an extra layer of protection.
For websites, the call is to convert sites into the more secure HTTPs so as to protect log-in credentials and pad users’ personal information with extra security.