Kenya is putting its best foot forward in securing its cyber space, but more hurdles abound as the complexities of the dark web heighten with advances in Internet connectivity, a new study shows.
The country has improved by 13 points in cyber resilience, moving from position 45 out of 60 in 2018 to 29 out of 76 in 2019 and leading in Africa, according to a cybersecurity index report released recently by cyber statistics company Comparitech.
Mobile phones are the top target by cyber attackers, with 16 percent being infected by malware, being an improvement from 2018.
“The number of financial malware attacks fell to one-third of what it was in 2018, now affecting just 0.4 percent of users in Kenya.
“The percentage of desktop computers infected with malware also fell from 17 percent to 11 percent. Cryptojacking attacks went from affecting 3.4 percent of the population to just 1.28 percent,” the report reveals.
This can be attributed to more awareness and mitigation after the corporate scene lost Sh29 billion in 2018, according to cyber security consultant, Serianu.
“Our study doesn't address the cause for such changes, but I surmise the improvement is the result of more cybersecurity awareness among Kenyans and better security built into newer devices,” Paul Bischoff, editor of Comparitech told Digital Daily.
Denmark is the most cyber-secure country in the world, according to the survey, taking over from Japan, which dropped four places to the fifth most cyber-secure country.
Sweden, Germany, Ireland, Japan, Canada, Finland, United Kingdom, France and Netherlands make the top ten list of countries well prepared to deal with the shock waves of cybercrime.
In Africa, Kenya is followed by South Africa, Morocco, Nigeria and Egypt while Algeria holds the last position in the second year running.
“Algeria is still the least cyber-secure country in the world despite its score improving slightly. With no new legislation, as was the same with all countries, it is still the country with the poorest legislation,” says the report.
At 52 percent, Iran has the highest number of mobile malware attacks, while Belarus, at 2.9 percent leads in the number of financial cybercrime incidences.
Finland has the least number of mobile malware infections at 0.8 percent of users. Denmark, Ireland and Sweden share the best score in detonating financial attacks, pushing them to 0.1 per cent.
“It is encouraging to see that most countries have improved overall. No country dominates every category, so every country still has room for improvement.
“Whether they need to strengthen cybersecurity legislation or users need better protection on their computers and smartphones, there’s still a long way to go,” said Mr Bischoff.
Traditional cybersecurity measures are increasingly being rendered ineffective in an era where cyber attackers have devised new and more dangerous online weaponry to pilfer critical data and money.
Reuters has reported that the United States is reorganising its cyber defence mechanisms, with recommendations for the creation of a new ‘National Cyber Director’ at the White House and a unique State Department Bureau for cyber issues. This is has already been implemented by Israel
“Since 2015, large-scale cyberattacks, such as the so-called WannaCry ransomware outbreak, have crippled hospitals, government offices and other infrastructure providers,” it reported.
This has pushed cybersecurity experts to strive to design systems that stay ahead of the criminal elements.
Cyber criminals, according to Maty Siman, founder of Israel-based cybersecurity firm, Checkmarx, are thriving in the advancement of Artificial Intelligence (AI) and Machine Learning (ML) to launch attacks to any system.
“Because hackers are using advanced AI to scale their attacks, we must go ahead of them to use Machine Learning to train our systems how to detect even the most invisible worm, Trojan, botnet, malware, scripting virus, ransomware and spyware and destroy it,” he says.
These attacks come as snares in other forms such as file hashes, Internet Protocol links, zip files, execution files, applications, spear phishing, Dedicated Denial of Service (DDoS) and Advanced Persistent Threat (APT) making the cyber security space complex for many corporates.
However, with threat intelligence and monitoring anchored on AI and Big Data, these attacks are gathered, automated, investigated and shared among experts to maintain full control of private and classified information.
Mr Niall MacLeod, Director of Solutions Architecture in Europe, Middle East and Africa at global threat intelligence leader Anomali says that AI can help users make effective decisions about how to respond.
“With one click, they can scan Web-based content, detect and highlight all threats identified within, provide easy-to-understand details about the threats and tell users if any threats are already present in their networks,” he explains.
Web content scanned includes news, blogs, research sites, bulletins, Security Information and Event Management (SIEM) logs, digital security logs, reports, Twitter and other social media networks.
The nature of attacks is changing, and most Kenyan corporates, according to the report, seem to catching up with these dynamics compared to a year ago, as SMEs and Saccos now commit more money to budgets for cybersecurity.