Listen to This Article Enhance your reading experience by listening to this article.

Communications Authority of Kenya (CA), the country’s communications watchdog, is sounding the alarm about a massive spike in cyber threats.

The number of attacks detected in the last quarter of 2023, a report by the regulator says, skyrocketed by a staggering 943 per cent, resulting in over 1.29 billion incidents. It highlights a concerning trend whereby vulnerabilities in systems like mobile operating systems are being exploited alarmingly.

System vulnerabilities, which are weaknesses in systems like mobile operating systems, topped the list with a 1,041.9 per cent increase, leading to over 1.2 billion incidents. These vulnerabilities are exploited by various threat actors, including cybercriminals, hacktivists, and even insiders with intentions ranging from data theft to service disruption and unauthorized access.

According to the report, Brute Force Attacks, specifically DDOS and Botnet, where hackers attempt to crack passwords, login credentials, and encryption keys through trial and error rose by 89.6 per cent, resulting in nearly 9.7 million incidents. Malware threats which are harmful software or code, also increased by 75.9 per cent, accounting for over 13.2 million incidents.

Despite being less frequent, Mobile Application Attacks grew by 94.1 per cent, totalling 52,705 incidents.

This is particularly concerning given the extensive use of smartphones for business transactions among Kenyans, small businesses. On the other hand, Web Application Attacks decreased by 32 per cent, down to 72,536 incidents, suggesting a possible shift in cybercriminal tactics.

The significant surge in system vulnerabilities is a pressing issue that requires immediate attention, especially considering the previous losses of over $53 million (Sh7.2 billion) suffered by Kenyan financial institutions due to cybercrime.

Financial losses

If left unchecked it could lead to severe implications such as financial losses, loss of trust due to compromised customer data, operational disruptions, and potential legal repercussions due to non-compliance with data protection regulations.

The CA report also indicates an overall increase in advisories, suggesting a proactive approach in alerting about potential threats. However, the significant rise in detected threats implies that more robust cybersecurity measures are needed.

As Kenya transitions to a paperless system, it becomes an attractive target for cybercriminals. Government databases containing sensitive information are at risk, and breaches can lead to severe consequences, including identity theft and national security risks.

Economic implications of these threats are significant, potentially leading to direct financial losses, impacting foreign investment, and even affecting the country’s gross domestic product (GDP).

To mitigate these risks, both businesses and the government must invest in robust cybersecurity measures. These include regular system updates, employee training, and the implementation of advanced threat detection and response systems.

Public-private partnerships in cybersecurity can also be beneficial in sharing knowledge and resources. The increasing cyber threats also underline the urgent need for comprehensive cybersecurity strategies.