Regulator warns of rise in cybersecurity threats

A hacker, hacking
A hacker: Last week, the CA warned of a malware dubbed Emotet that accessed confidential information of Kenyans using online banking and payment systems. PHOTO | FOTOSEARCH 

The National Cybersecurity Centre (NCC) detected over 3.8 million cyber threats in the first quarter of 2018-2019, indicating that Kenyans continue to be at a high risk of online attacks.

According to a new report by the Communications Authority of Kenya (CA), the threats represented an increase of 11.76 per cent from the last quarter of the year where 3.4 million threats were detected.

CA attributed the increased threats to enhanced cyber threat detection capabilities through deployment of additional sensors and increased resources towards cyber threat analysis

“The cyber threats detected varied from denial-of-service (DoS) including botnet and brute-force attacks that led to denial of computer services and illegal access to computer systems; online impersonation via social media accounts and domain names; website attacks including defacement; malware including phishing attacks; online abuse including online fraud, hate speech, incitement to violence and fake news; and systems misconfiguration,” says the CA report.

The report revealed the susceptibility of Kenyans’ personal information and money in a country where financial institutions are eager to integrate digital technology to keep up with telcos which play an important role in facilitating transactions.


Financial institutions lost Sh21 billion due to attacks on cybersecurity in 2017.

Last week, CA warned of a malware dubbed Emotet that accessed confidential information of Kenyans using online banking and payment systems. The malware, which attacked 11 Kenyan institutions, can cost up to $1 million (Sh102 million)per incident to resolve, according to the United States Computer Emergency Readiness Team.

Deposit taking saccos, which boasted a total assets portfolio of Sh442.3 billion in 2017, are also highly vulnerable when it comes to cybersecurity.

This heightens the risk of loss of deposits by the more than 3.5 million Kenyans enrolled.

Nearly 70 per cent of the 174 saccos countrywide have mobile applications for their customers.

According to a report by IT services consulting firm Serianu, 97 per cent of saccos spend less than the threshold $10,000 (Sh1.02 million) on cybersecurity, revealing laxity in protecting customers from cyber crime.

The CA report paints a picture of increased threats in the form of malware, web application attacks, system misconfiguration and online impersonation. However, there is a marked decrease in online abuse.

The 6,384 cases which the NCC determined to be critical and escalated for action were 2.4 times those recorded in the previous quarter.

Some regulations have been effected to protect Kenyans. For instance, the Sacco Societies Regulatory Authority released a set of guidelines which set minimum standards that saccos should adopt to develop effective cybersecurity governance and risk management frameworks.

However, Kenyans still remain in limbo over the Cyber Crimes Bill after the High Court temporarily suspended 22 sections of the law when industry players criticised it for targeting content creators rather than looking out for citizens’ digital wellbeing.