Kenyan businesses face around 1400 cyberattacks each week

Cyberattacks on businesses around the world have increased by 29% this year. This growing threat in Africa is being driven by an increase in internet users, which creates a larger pool of targets for criminals, as we’ve seen in Kenya.

In January, the country’s connected population nearly reached 22 million, a figure that is likely to have increased as pandemic lockdowns forced many business and government services online.

With Kenya embracing digital transformation, how has cybercrime impacted local businesses? The Check Point Research Threat Intelligence Report for Kenya shows how widespread the problem is.

The average number of weekly attacks experienced by organizations worldwide was 870. In comparison, over the last six months, Kenyan businesses have experienced 1 408 cyberattacks per week.

Investigating Kenya’s Cybercrime Landscape

“It’s frightening to think that Kenyan businesses face nearly 540 more weekly cyberattacks than their global peers,” says Pankaj Bhula, Check Point’s Regional Director for Africa. “This highlights the urgent need for Kenyan businesses to take a proactive approach to cybersecurity solutions, while focusing on companywide security hygiene education to keep users and the business safe online.”

Cyber-attacks can cripple businesses, particularly micro, small, and medium-sized enterprises (MSMEs) that may not have prioritized cybersecurity during their start-up stages, leaving them vulnerable. According to the Kenya Association of Manufacturers, MSMEs contribute approximately 40% of the GDP; however, if unprotected, attacks on these businesses, which account for the majority of all businesses in Kenya, can have a significant economic impact, adds Bhula.

According to the most recent threat intelligence report, email is the most common vector for malicious-file delivery in Kenya, accounting for 70% of attacks in the last month. With email-based social engineering attacks on the rise, businesses must step up their efforts to raise cybersecurity awareness.

During the same time period, there has been an increase in the exploitation of vulnerable infrastructure, with Remote Code Execution affecting 69 percent of Kenyan organizations (RCE). A RCE attack involves a criminal gaining remote control of a device and the sensitive data stored on it.

According to the report, malware attacks affected 13% of the country’s businesses. Check Point identified one backdoor that was responsible for the majority of Kenyan-business cyberattacks among the most common malware, which included botnets and cryptominers. Floxif, a type of malware, affected approximately 13% of local businesses; globally, this malware infected over 2 million users in 2017, including large tech companies.

Globally, the public sector is among the top five industries most targeted by cyber-attacks, with government and military organizations experiencing an average of 1229 cyber-attacks per week. This figure is staggering in Kenya: 2 765. However, global financial institutions are subjected to an average of 760 cyber-attacks per week, while the number of attacks in Kenya is slightly lower at 745.

It’s encouraging to see Kenya’s financial players navigate security more efficiently than many of their global counterparts, but the number of weekly attacks must still be reduced to ensure financial inclusion and economic stability for Kenya’s population.

What can businesses do to protect themselves from cyber-attacks?

Cyber-attacks are becoming more likely simply because technology is becoming more integrated into all aspects of our increasingly digitalized lives. As a result, individuals, businesses, and governments will rely on cybersecurity more than ever before.

Businesses of all sizes must invest in IT security infrastructure in order to combat cybercrime in a proactive rather than reactive manner. To maintain business operations, these organizations will require comprehensive intelligence to proactively stop threats by monitoring networks and having proper incident response in place to respond to and resolve any attacks as quickly as possible.

Being proactive entails becoming more resilient, maintaining backups, and protecting sensitive data in new or improved ways. Businesses should also make sure that their security software, web browser, and operating system are up to date – updates are how developers deliver vulnerability fixes to protect against attacks.

Employees must also be kept informed of best practices for staying safe online while working in the office or remotely from home. Although there is still a risk of being attacked, sharing a few basic tips is one of the best ways to reduce cyber-attacks.

What are these fundamental guidelines? To begin, employees must be wary of phishing emails and avoid visiting unsecured websites. Second, they should only use trusted Wi-Fi networks and consider using a password manager to use different, strong passwords when accessing different websites.

It is important to note that even the most sophisticated cyberattacks can be avoided through education and proper cybersecurity solutions without interfering with business operations.