Cyber threats in Kenya more than doubled in the year to June, new data by the by the Communications Authority of Kenya (CA) shows, indicating hightened risk.
The National Cybersecurity Centre (NCC) detected 51.9 million threats for the 2018-2019 period, compared to the 22.1 million recorded in the 2017-2018 period
In the last quarter of the year alone, some 26.6 million cyber threats were picked compared to 11.3 million threats in the January-March period this year, the regulator said.
The CA said this increase mirrored a global trend.
“This increase in the number of cyber threat events detected is attributed to the global increase in malware including ransomware attacks during this period,” said CA in its latest report.
The trend highlights the growing threat that millions of internet users in Kenya face today as attackers become more aggressive and complex.
The number of advisories given by the NCC jumped 15.3 percent to 16,347 in the last quarter.
The most prevalent attack according to CA is malware which shot from 8.9 million in the first three months of 2019 to 21.1 million in the April-July period.
Cases of system vulnerability also more than doubled, making the case for organisations to invest more in cyber security and strengthen their infrastructure to avert losses.
Further, based on Africa Cyber Security Report- Kenya released early this year by Serianu, about 60 percent of local companies are short of cybersecurity professionals.
In the 2018-2019 period, the NCC detected about 47,913 system vulnerabilities, which was an increase from 13,319 in the third quarter to 28,597 in this quarter.
But even with cybercrime increase number, prosecution of culprits is still low with only seven percent of cases successfully prosecuted, Serianu said in the report.
In June, a host of government websites including National Youth Service (NYS) and Integrated Financial Management System (IFMIS) portals were hacked by an Indonesia hacker group, Kurd Electronic Team.
This was coming barely a few years after another Indonesian hacker group brought down 100 government websites.
The losses are not restricted to government platforms. E-commerce platform Jumia Kenya reveled recently that it lost at least Sh118 million in the last two years due to cyberfraud.
Banks and other financial institutions have recorded an increase in attacks. In late April over Sh11 million was stolen from four Barclays ATMs in the city.
Cybercrimes in 2018 cost Kenya Sh29.5 billion, according to the Serianu report. This was a 40 percent increase from Sh21 billion reported in 2017.
The cybersecurity firm further noted that Sh230 million was lost through personal computers. About Sh100 million was lost through emails, Sh70 million through fake cheques and Sh66 million in identity theft.
In 2017 and 2016, Kenya lost an estimated Sh21 billion ($210 million) and Sh17 billion ($170 million) to cybercrime respectively.
Banks, insurance firms and saccos last year spent about Sh6.4 billion to beef up their cybersecurity. The government and other private companies including service providers invested Sh5.9 billion and Sh4.8 billion respectively.
Early this year, Russian cyber security firm Kaspersky Lab placed Kenya among the top 10 countries susceptible to mobile malware attacks.
According to the report, 29.7 percent of mobile users in Kenya were attacked by a malware including trojan-dropper, adware and risk tool.
A report by Microsoft in the past said that ransomware, a malicious software that blocks a user’s access to gadgets until a payment is made, would continue to be a popular method used by cyber criminals this year.
The CA noted in its latest report that ransomware attacks are on the rise, putting millions of mobile users who transact online at risk. According to the latest edition of Microsoft's annual Security Intelligence Report (SIR), the country lost approximately Sh29.5 billion to cybercrime in 2018. These crimes include malware attacks, third party exposure and SIM swap.
Worryingly though, Kenya has only 1,700 skilled cybersecurity professionals against a growing demand.
“Kenyan companies are reluctant to develop the skillsets of their security team through frequent trainings and certifications. This is due to the fact that information security is still seen as an expense rather than a return on investment,” Microsoft said in its report.
An executive opinion survey published early this month by the World Economic Forum(WEF) showed that cyberattacks were among the biggest risks for business in Kenya.
However, the country has witnessed cyber vigilance particularly among financial institutions, where regulators released a number of guidelines such as the Sacco Societies Regulatory Authority (SASRA) guidelines on cyber security and the Ministry of ICT’s Data Protection Bill-which is still under review.